Hospitals and health care systems across the United States are increasingly the targets of ransomware attacks in what is thought to be a coordinated cybercrime effort by Russia. The Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services issued a warning on October 28 (updated on November 2) alerting the health care industry to the “increased and imminent” threat of ransomware attacks.
While hospitals and health care systems have been hit by ransomware attacks in the past, they have been particularly vulnerable to ransomware and other cyberattacks since the start of the global pandemic. Since mid-summer, hospitals in multiple states have been attacked by some form of ransomware.
Ransomware is a form of malware that encrypts a victim’s files. Once in the system, generally through a spoofing or phishing attack, the attacker demands a ransom from the victim in exchange for restoring access to the data. Victims are typically shown instructions for paying the fee in order to obtain the decryption key. Paying the ransom is generally not advised, absent extenuating circumstances.
While the health care industry appears to be the target here, cybercriminals may be emboldened by the recent attacks and target other industries. In order to prepare, organizations should:
- Review and refresh data breach response plans and disaster recovery plans;
- Educate employees on phishing and spoofing attacks, which often provide the access for attackers and have increased during the pandemic;
- Implement and maintain strong cybersecurity protocols, such as requiring personnel to regularly change passwords and use secure networks; and
- Ensure that backups are secure and available.
Most importantly, given the temptation to let the cybersecurity guard down while focusing on other issues like the pandemic, it is imperative that organizations remain vigilant and prepared for these types of attacks.