Ransomware attacks hit major hospital networks

Hospitals and health care systems across the United States are increasingly the targets of ransomware attacks in what is thought to be a coordinated cybercrime effort by Russia. The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services issued a warning on October 28 (and updated on November 2) warning the health care industry of the “increased and imminent” threat of ransomware attacks.

While hospitals and health care systems have been hit by ransomware attacks in the past, they have been particularly vulnerable to ransomware and other cyberattacks since the start of the global pandemic. Since mid-summer, hospitals in multiple states have been attacked by some form of ransomware.

Ransomware is a form of malware that encrypts a victim’s files. Once in the system, generally through a spoofing or phishing attack, the hacker then demands a ransom from the victim in order to restore access to the data upon a payment. Victims are generally shown instructions for paying the fee in order to get the decryption fee. Typically, paying the ransom is not advised, absent extenuating circumstances.

While the health care industry appears to be the target here, cybercriminals may be emboldened by the recent attacks and target other industries. In order to prepare, organizations should:

Review and refresh data breach response plans and disaster recovery plans;
Educate employees on phishing and spoofing attacks, which often provide the access for attackers and have increased during the pandemic;
Implement and maintain strong cybersecurity protocols, such as requiring personnel to regularly change passwords and use secure networks; and
Ensure that backups are secure and available.

Most importantly, and given the potential to let the cybersecurity guard down to focus on other issues like the pandemic, it’s imperative that organizations continue to remain vigilant and prepared for these types of attacks.

Tags: Cybersecurity, Data Privacy, Data Breach

Search Exactly
Search All Words

Author

Jenny L. Holmes

Associate

Posts By this author

Thank you for your request to e-mail Jenny Holmes.

While you are welcome to contact an attorney at Nixon Peabody LLP, you should be aware that this Web site presents general information about Nixon Peabody LLP and is not intended as legal advice, nor should you consider it as such. You should not act upon this information without seeking professional counsel.

Please keep in mind that merely contacting Nixon Peabody LLP will not establish an attorney-client relationship. Nixon Peabody LLP cannot represent you until the firm knows there would not be a conflict of interest and the firm determines that it is otherwise able to accept the engagement. Accordingly, please do not send Nixon Peabody LLP any information or documents until a formal attorney-client relationship has been established through an interview with an attorney and you receive authorization in the form of an engagement letter from Nixon Peabody LLP. Any information or documents sent prior to your receipt of an engagement letter cannot be treated as confidences, secrets, or protected information of any nature.

Clicking on the link below acknowledges that you understand and agree with this notice.

Continue with e-mail to Jenny Holmes.

;

Nixon Peabody Blog

DATA PRIVACY

Ransomware attacks hit major hospital networks

BY Jenny L. Holmes

Tags: Cybersecurity, Data Privacy, Data Breach

DATA PRIVACY

Ransomware attacks hit major hospital networks

BY Jenny L. Holmes

Tags: Cybersecurity, Data Privacy, Data Breach

Related Content

FTC settles data security complaint against Zoom

Recent enforcement under OCR’s Right of Access Initiative leads...

New browser feature allows users to opt out of data collection

The Ninth Circuit strikes back on FISA abuse: But is it too...

The once-and-future Privacy Shield (?)

Federal Trade Commission held workshop addressing data...