< Back to Thought Leadership

FBI Warns Ransomware Attacks Threaten US Healthcare System

Health systems are being warned by federal officials that cybercriminals are preparing to unleash a wave of ransomware attacks designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking. It is anticipated by federal authorities this attack will occur this weekend.

The attackers are utilizing ransomware known as Ryuk through a network of compromised computers called Trickbot that Microsoft began trying to counter earlier in October.

Ransomware attacks continue to focus on the healthcare industry and specifically, hospitals.

In September, ransomware impacted all 250 facilities of Universal Health Services. The system was required to revert to manual paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.

Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

How to Protect Your Healthcare System from Ransomware Attacks

Healthcare systems should take the following preventative measures to protect themselves from ransomware attacks:

1. Awareness and Training

Awareness and training of cybersecurity should always be an on-going focus for organizations, specifically around phishing scams.

A phishing scam is when criminals impersonate legitimate organizations in an attempt to steal sensitive information. Scammers can use email or text messages. Both can threaten your organization, however, they are entirely preventable if your ENTIRE staff has been properly trained.

2. Keep Backups

The next recommendation is to ensure that all files are backed up, including electronic records.

Organizations should implement a 3-2-1-backup strategy.

A 3-2-1 backup strategy means that you have at least three (3) copies of your data, stored on two (2) different storage mediums, and one (1) copy in off-site storage.

3. Expedite Patching

Security patches or “patches” are small adjustments to software that address vulnerabilities in software that cybercriminals might use to gain access to your organization.

In order to minimize downtime, IT teams should look at opportunities to expedite their patching response plan.

4. Rehearse Protocols

When your team is fully educated and your plan is in place, the next thing to do is to rehearse!

Spend time with your employees rehearsing the IT lockdown protocols and processes. This will allow your team to work out any problems with the processes. It will also ensure that if the time comes for you to implement these processes, this will not be the first time your staff is doing it.

5. Power Down Systems

When not in use, power down IT systems. This will limit the number of potential attacks to your organization.

6. Limit or Prohibit Personal Email

Another tip is to limit or even prohibit the use of personal email.

Personal emails often go unmonitored and therefore are easy targets for phishing and malware attacks. If accessed through a company device, these attempts can infect company machines and provide access to the organization’s secured network.

7. Review Your Incident Response Plan Regularly

If a cyberattack occurs, make sure your team knows how to contact federal authorities if the phones are down or email has been disabled.

It is also important to review your incident response plan and ensure that it’s up to date with key contacts.

Looking for More Insights on Ransomware Attacks?

A lack of focus on cybersecurity can be greatly damaging to an institution and have a direct economic impact.

For more information on ransomware attacks or to learn how Blue and Co. can help your organization, please contact us by clicking here.

woman using a quickbooks point of sale system

Blue & Co. Offers Expertise to Not-For-Profits Affected by QuickBooks Point of Sale Discontinuation

By Nancy Orben, CPA, Senior Manager, Laura Philpot, Senior Accountant, Business Services, and Lisa Totten, Senior Accounting Specialist at Blue & Co. Attention all not-for-profit organizations! Are you currently using QuickBooks Point of Sale in your gift shops, ticket sales, or day-to-day business? If so, you may have heard the recent news that Intuit will […]

Learn More

Contract Services: Impact on Wage Index

In the past several years, hospitals have continued to feel the impact of increased utilization of contract nursing and other contract services. Although these services have developed into a major expense line item, it is important for hospitals understand how expenses related to contracted services can impact the wage index factor for Medicare reimbursement. Contract […]

Learn More
shamrocks not-for-profit tips

3 Lucky Tips for Not-For-Profits to Avoid Bank Fraud

Trusted Insights from The National Bank of Indianapolis Nonprofit Services Team Not-for-profit organizations are increasingly falling victim to fraud, with a rising number of incidents and an ever-growing amount of money being lost. Fraudsters find it easy to target not-for-profits, as their publicly available 990s provide valuable information. Protecting your organization from such fraudulent activities […]

Learn More