
FBI Warns Ransomware Attacks Threaten US Healthcare System

Health systems are being warned by federal officials that cybercriminals are preparing to unleash a wave of ransomware attacks designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking. Federal authorities anticipate that this attack will occur this weekend.

The attackers are utilizing ransomware known as Ryuk through a network of compromised computers called Trickbot that Microsoft began trying to counter earlier in October.

Ransomware attacks continue to focus on the healthcare industry and, specifically, hospitals.

In September, ransomware impacted all 250 facilities of Universal Health Services. The system was required to revert to manual paper and pencil for record-keeping, slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.

Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

How to Protect Your Healthcare System from Ransomware Attacks

Healthcare systems should take the following preventative measures to protect themselves from ransomware attacks:

1. Awareness and Training

Cybersecurity awareness and training should always be an ongoing focus for organizations, specifically around phishing scams.

A phishing scam is when criminals impersonate legitimate organizations in an attempt to steal sensitive information. Scammers can use email or text messages. Both can threaten your organization; however, they are entirely preventable if your ENTIRE staff has been properly trained.

2. Keep Backups

The next recommendation is to ensure that all files are backed up, including electronic records.

Organizations should implement a 3-2-1 backup strategy.

A 3-2-1 backup strategy means that you have at least three (3) copies of your data, stored on two (2) different storage media, with one (1) copy in off-site storage.

3. Expedite Patching

Security patches, or “patches,” are small adjustments to software that address vulnerabilities cybercriminals might use to gain access to your organization.

In order to minimize downtime, IT teams should look at opportunities to expedite their patching response plan.

4. Rehearse Protocols

When your team is fully educated and your plan is in place, the next thing to do is to rehearse!

Spend time with your employees rehearsing the IT lockdown protocols and processes. This will allow your team to work out any problems with the processes. It will also ensure that if the time comes for you to implement these processes, this will not be the first time your staff is doing it.

5. Power Down Systems

When not in use, power down IT systems. This will limit the number of potential attacks on your organization.

6. Limit or Prohibit Personal Email

Another tip is to limit or even prohibit the use of personal email.

Personal email accounts often go unmonitored and are therefore easy targets for phishing and malware attacks. If accessed through a company device, these attempts can infect company machines and provide access to the organization’s secured network.

7. Review Your Incident Response Plan Regularly

If a cyberattack occurs, make sure your team knows how to contact federal authorities if the phones are down or email has been disabled.

It is also important to review your incident response plan and ensure that it’s up to date with key contacts.

Looking for More Insights on Ransomware Attacks?

A lack of focus on cybersecurity can be greatly damaging to an institution and have a direct economic impact.

For more information on ransomware attacks or to learn how Blue and Co. can help your organization, please contact us by clicking here.
