ELEVATE YOUR HIPAA COMPLIANCE: Explore Our Enhanced Toolkit Today
Access Toolkit
Purchase Toolkit
Back to Blog

Alert: Imminent and increased threat of cybercrime attacks against healthcare industry

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a Joint Cybersecurity Advisory October 28 siting “credible information” they have on an “imminent and increased” threat of cybercrime attacks against the US healthcare industry with the goal of locking down systems, stealing data, and extorting money.

The statement said that the attacks are aimed at “data theft and disruption of healthcare services” and that “these issues will be particularly challenging for organizations within the COVID-19 pandemic.”

It has been reported that the cyberattacks have already affected six hospitals in states including New York and California. The type of malware being used by the criminals is seeded by a network called of computers called Trickbot, which in turn deploys a kind of ranswomware called Ryuk.

Protect Your Computer Systems

The CISA, FBI, and HHS are urging healthcare providers to take action to protect their computer systems against attacks. Among the Network Best Practices listed within the Advisory, PrivaPlan’s Michaela Kahn, PhD, highlights these actions:

  • Make sure patches are up to date for operating systems, software, and hardware.
  • Create policies to change passwords frequently.
  • Implement two-factor authentication where possible.
  • Make sure back-ups are up to date and testing them to ensure they are not corrupted.
  • Disable all unused remote access/Remote Desktop Protocol ports and monitoring RDP access logs.

Be Suspicious of Emails

Additionally, the agencies strongly warn that hospital systems are being targeted by malware, which is usually hidden in email attachments. Kahn reminds you to advise your staff to be suspicious of any email that isn’t something familiar or normal and follow these tips:

  • Always look closely at the “from” email address. It might be spoofed to look similar to a real email address – so always make sure to really study it.
  • Don’t click on links in emails without knowing exactly what they are. Remember you can hover your cursor over a hyperlink to see the real URL that the link will take you to.
  • Don’t open attachments unless you know exactly where they come from and what they are. If there is any doubt – verify before opening.

For more information or assistance in what you can do to minimize your risk, please contact the experts at PrivaPlan at 1-877-218-7707 or info@privaplan.com.

Related Posts

Recent Posts

Categories
Tags
AI Articles artificial intelligence Blog board Breach business associate CISO cyber risk cybersecurity cybersecurity awareness training electronic medical records email breach executive order Federal HIPAA Changes Final Rule health care health privacy HIPAA hipaa compliance HIPAA Training Meaningful Use Medicare multi-factor authentication OCR ONC passwords PHI phishing Policies & Procedures policies and procedures Privacy Quotes Ransomware Security Security Risk Analysis security training Service Technology Testimonials toolkit Training Materials two-step authentication website analytics website trackers

Get Started Today

Email us at info@privaplan.com or submit the form below:

Sign Up for Updates

Contact PrivaPlan

Telephone Sales & Support
505-466-1432  or
Toll Free: 1-877-218-7707
Fax: 505-466-3942

E-Mail Sales & Support
Customer Support: support@PrivaPlan.com
Sales: orders@PrivaPlan.com

Mailing Address:
PrivaPlan
5 Caliente Rd, Ste 3,
Santa Fe, NM 87508

© 2024 PrivaPlan Associates, Inc, all rights reserved.

FOLLOW US

Linkedin Envelope

Access PrivaPlan Toolkit

Click here to access

Access CMA-PrivaPlan Toolkit

Click here to access

Sign up for updates

  • Be Proactive In Compliance

Sign up. Learn about Compliance

Subscribe now for up-to-date information about privacy & security compliance! You’ll receive emails regarding news about compliance & alerts for new blog posts.