As COVID-19 infection rates rise, hospitals and healthcare facilities are understandably focused on protecting patients, staff, and providers from the virus – but COVID-19 is not the only rising threat to the healthcare industry. While healthcare providers continue to focus on responding to the pandemic, cyber threat actors are taking full advantage of healthcare vulnerabilities by perpetrating scams and phishing attacks, which largely depend on the target’s sense of fear and urgency.
According to an annual report by Coalition Cyber Insurance published in September, the most common type of cyber incident across all industries was ransomware, which accounts for an estimated 41 percent of all cyber-attacks in the past year. The average ransom demand has increased by 47 percent from 2020 Q1 ($230k) to Q2 ($339k). This increase happened at the same time as COVID-19 cases in the U.S. surged throughout Q2. In September, the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security issued a new alert, coauthored with the Federal Bureau of Investigation and the U.S. Department of Health and Human Services, warning of ransomware activity targeting the Healthcare and Public Health Sector.
For many facilities, the most common vulnerability to their IT security comes from their own employees. Social engineering attacks, including phishing scams that may be conducted by email, are the most frequently used techniques, accounting for 60 percent of all incidents, and do not require advanced technical skill. No matter how robust the network infrastructure and security controls the actions of one careless or mislead employee can result in significant damage. Service and communication disruptions in healthcare can be a life or death situation, and cyber criminals are exploiting this sense of urgency.
Threat actors are ramping up their attacks across all sectors, but appear to be specifically targeting healthcare systems. Over the course of this year, Coalition Cyber Insurance reported that the healthcare industry had the 3rd most ransomware claims across all sectors. When you combine that with the fact that hospitals and healthcare facilities are in the middle of a pandemic, and those facilities are on the front line of the global response, these cyber threats take on particularly dire consequences.
Responding to Cyber Attacks
The vast majority of cyber-attacks can be prevented by training employees and maintaining protective software. However, you also need to be ready to respond in case your prevention strategies fail. If your facility does become a victim of a ransomware attack, a complete, up-to-date backup can help ensure your patients the continuity of care they need and protect your organization financially.
Regularly backing up all mission-critical data can help facilitate improved recovery time and mitigate the severity of an attack. In general, maintaining anti-ransomware best practices like the 3-2-1 backup strategy or conducting regular vulnerability scanning to identify and address vulnerabilities will help protect your organization against future threats from other ransomware operators. The 3-2-1 backup strategy simply states that you should have three copies of your data (your production data and two backup copies) on two different storage media (disk and tape) with one copy off-site for disaster recovery. Having a 3-2-1 backup of all mission-critical data could allow a facility to operate while under attack and recover much more quickly without having to pay the ransom. It is crucial that these backups are stored offline and are disconnected to any other systems when not in use or else they could also be infected by ransomware and rendered useless.
The federal government has many resources to assist the private sector in both preparing for and responding to cyber incidents:
So, while everyone is reminded to wear a mask, wash their hands, and maintain a social distance, people and organizations should also prioritize good cyber-hygiene on both an individual and organizational basis. Be extra vigilant about social engineering techniques like phishing scams and keep all operating systems and security software updated per your organization’s recommendations.
Reporting Cyber Incidents
If your organization is the victim of a cyber attack, be sure to report it. Reporting cyber incidents is vital to helping the interagency, state, local, and private sector partners better understand the cyber threat landscape. To report suspicious or criminal activity, contact your local FBI field office, call the FBI’s 24/7 Cyber Watch (CyWatch) hotline at (855) 292-3937, or e-mail at MCyWatch@fbi.gov. To request incident response resources or technical assistance related to these threats, contact CISA at Central@cisa.dhs.gov. For potential medical device impacts related to a cyber-attack affecting your hospital system, please contact CyberMed@fda.hhs.gov.
Stay Up-To-Date
HHS/Assistant Secretary for Preparedness and Response’s (ASPR) Division of Critical Infrastructure Protection (CIP) continues to actively track cyber threats and other emerging issues at the intersection of disaster health and critical infrastructure protection. To learn about the latest resources and tools to optimize your organization’s ability to respond, recover, and prepare for threats and incidents impacting the nation’s health critical infrastructure, subscribe to the ASPR CIP mailing list. For more information on this subject or how to participate with the healthcare and public health (HPH) Sector, contact us at CIP@HHS.gov.
