The FBI, HHS, and the Cybersecurity and Infrastructure Security Agency (CISA) have revealed that there is “credible information” that cybercriminals will be launching attacks on healthcare providers in the coming weeks and months. According to the warning, all healthcare providers with access to Patient Health Information must do what they can to recognize, deter, and report these attacks as they happen.
Based on the release, it is clear that certain tactics and targets will be more popular than others. Officials have determined that the hackers will attempt to "infect systems with Ryuk ransomware for financial gain." These malicious individuals will also use Trickbot malware to disrupt services and steal data, and will use ransomware for extortion.
The specific threats "include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware, such as Ryuk." The officials believe that the scale of the assault will be unlike anything that has been witnessed before.
These attacks are years in the making, as Trickbot’s developers have worked to improve the malware to be less detectable and harder to root out when it has been implanted. It is also believed that the current healthcare system is overburdened due to the pandemic, making it a more vulnerable target.
While the current actions of the cyber attackers appear to be in preparation for infiltrating high-profile targets, it’s important for every healthcare provider to prepare, including smaller medical practices and doctor’s offices.
Although it is difficult to thoroughly prepare for every eventuality, some actions can provide heightened protection to deter hackers or limit their access. Every medical provider should take the following steps in the coming weeks:
- Keep an eye out for manufacturer releases for operating systems, firmware, and software, and apply them as soon as possible.
- Integrate multifactor authentication as much as you can.
- Require password changes often, and do not allow people to reuse their passwords.
- Disable Remote Desktop Protocol (RDP) wherever it is not needed.
- Implement the 3-2-1 Rule for data backups.
  - The rule states that three copies of all critical data are retained on at least two different types of media, and at least one of them is stored offline.
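
An added example, not taken from the advisory: a Python check of a backup inventory against the 3-2-1 rule as stated above, reporting which part of the rule each dataset misses. The inventory format, dataset names, and the choice to count the production copy as one of the three copies are assumptions.

```python
from collections import defaultdict

# Constructed sample inventory: (dataset, copy location, media type, offline?)
SAMPLE_INVENTORY = [
    ("ehr-database", "production server", "disk", False),
    ("ehr-database", "on-site NAS", "disk", False),
    ("ehr-database", "weekly tape in safe", "tape", True),
    ("billing-records", "production server", "disk", False),
    ("billing-records", "on-site NAS", "disk", False),
    ("billing-records", "second NAS", "disk", False),
    ("imaging-archive", "production server", "disk", False),
    ("imaging-archive", "cloud bucket", "cloud", False),
]


def check_321(inventory):
    """Return {dataset: [gaps]}; an empty list means the dataset meets 3-2-1."""
    copies = defaultdict(list)
    for dataset, location, media, offline in inventory:
        copies[dataset].append((location, media.lower(), bool(offline)))

    report = {}
    for dataset, entries in copies.items():
        gaps = []
        # Count distinct locations so a duplicated inventory row is not a copy.
        if len({loc for loc, _, _ in entries}) < 3:
            gaps.append("fewer than 3 copies")
        if len({media for _, media, _ in entries}) < 2:
            gaps.append("fewer than 2 media types")
        # An always-connected copy can be encrypted along with production data.
        if not any(offline for _, _, offline in entries):
            gaps.append("no offline copy")
        report[dataset] = gaps
    return report


if __name__ == "__main__":
    for name, gaps in check_321(SAMPLE_INVENTORY).items():
        print(f"{name}: {'OK' if not gaps else '; '.join(gaps)}")
```

In the sample, three disk copies that are all online still fail the rule, which is the case a ransomware outbreak exposes.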
The advisory also noted that organizations that are victims of ransomware may not regain access to their devices or have data returned after paying; in fact, the decryption keys “sold” to the victim may not work, and paying might make the organization more likely to be attacked again.
Preparing for such a threat is not something that every doctor’s office is capable of doing on its own. In times like these, it is necessary to secure data by any means necessary, even if that requires bringing in a third party for help. A qualified security solutions company could evaluate a medical practice to determine the specific risks that the business faces. From there, they can provide general vulnerability protection while implementing the recommendations that have been issued by the FBI, HHS, and CISA.
Now is the time to act and shore up the protections around medical data. This threat is real and specific enough that a few major actions on the part of responsible stakeholders can prevent a massive loss of data or money.