< Back to Thought Leadership

FBI Warns Ransomware Attacks Threaten US Healthcare System

Health systems are being warned by federal officials that cybercriminals are preparing to unleash a wave of ransomware attacks designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking. It is anticipated by federal authorities this attack will occur this weekend.

The attackers are utilizing ransomware known as Ryuk through a network of compromised computers called Trickbot that Microsoft began trying to counter earlier in October.

Ransomware attacks continue to focus on the healthcare industry and specifically, hospitals.

In September, ransomware impacted all 250 facilities of Universal Health Services. The system was required to revert to manual paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.

Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

How to Protect Your Healthcare System from Ransomware Attacks

Healthcare systems should take the following preventative measures to protect themselves from ransomware attacks:

1. Awareness and Training

Awareness and training of cybersecurity should always be an on-going focus for organizations, specifically around phishing scams.

A phishing scam is when criminals impersonate legitimate organizations in an attempt to steal sensitive information. Scammers can use email or text messages. Both can threaten your organization, however, they are entirely preventable if your ENTIRE staff has been properly trained.

2. Keep Backups

The next recommendation is to ensure that all files are backed up, including electronic records.

Organizations should implement a 3-2-1-backup strategy.

A 3-2-1 backup strategy means that you have at least three (3) copies of your data, stored on two (2) different storage mediums, and one (1) copy in off-site storage.

3. Expedite Patching

Security patches or “patches” are small adjustments to software that address vulnerabilities in software that cybercriminals might use to gain access to your organization.

In order to minimize downtime, IT teams should look at opportunities to expedite their patching response plan.

4. Rehearse Protocols

When your team is fully educated and your plan is in place, the next thing to do is to rehearse!

Spend time with your employees rehearsing the IT lockdown protocols and processes. This will allow your team to work out any problems with the processes. It will also ensure that if the time comes for you to implement these processes, this will not be the first time your staff is doing it.

5. Power Down Systems

When not in use, power down IT systems. This will limit the number of potential attacks to your organization.

6. Limit or Prohibit Personal Email

Another tip is to limit or even prohibit the use of personal email.

Personal emails often go unmonitored and therefore are easy targets for phishing and malware attacks. If accessed through a company device, these attempts can infect company machines and provide access to the organization’s secured network.

7. Review Your Incident Response Plan Regularly

If a cyberattack occurs, make sure your team knows how to contact federal authorities if the phones are down or email has been disabled.

It is also important to review your incident response plan and ensure that it’s up to date with key contacts.

Looking for More Insights on Ransomware Attacks?

A lack of focus on cybersecurity can be greatly damaging to an institution and have a direct economic impact.

For more information on ransomware attacks or to learn how Blue and Co. can help your organization, please contact us by clicking here.

COVID-19 initiatives impacting RHCs

New COVID-19 Initiatives Impacting RHCs

On Tuesday May 4, 2021, President Biden announced three new COVID-19 initiatives impacting RHCs. Nearly $1 billion of funding is being made available as part of the American Rescue Plan (ARP) to support rural COVID-19 response efforts and increase COVID-19 vaccine availability in rural communities. The President’s announcement included the following initiatives: Shipping New Allocations […]

Learn More

Employer Tax Credits for Providing Paid Sick and Family Leave Related to COVID-19

The American Rescue Plan Act, enacted March 11, 2021, aims to deliver economic relief to families and workers. On April 21, President Biden announced a provision of the American Rescue Plan Act that allows eligible employers to claim refundable tax credits for providing emergency paid sick leave to employees who take time off for reasons […]

Learn More
Charity Reimbursement

Charity Reimbursement: Protecting it from Audit Scrutiny

There is a new audit trend coming down the pipeline that could impact your charity reimbursement for Medicare bad debt. In the past there was no enforcement of statements being sent to a charity patient before they were deemed indigent. Until a patient has been approved for charity, they are still deemed non-indigent. Auditors are […]

Learn More