National security agencies warn of ransomware attacks targeting health care providers

November 3, 2020

Practice owners should be cautious of the latest string of ransomware attacks targeting health care providers.

The Cybersecurity and Infrastructure Security Agency, along with the Federal Bureau of Investigation and the U.S. Department of Health and Human Services, on Oct. 28 released an advisory warning providers to be aware of cybercriminals targeting the health care and public health sector for financial gain.

The alert warns that the cybercriminals are using phishing emails that either contain links to malicious websites or attachments with malware. The CISA, FBI and HHS are urging health care providers to take timely and reasonable precautions to protect their networks from these threats, including:

  • Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.
  • Use multifactor authentication where possible.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
  • Audit logs to ensure new accounts are legitimate.
  • Identify critical assets such as patient database servers, medical records and telehealth and telework infrastructure. Create backups of these systems and house the backups offline from the network.
  • Set antivirus and anti-malware solutions to automatically update; conduct regular scans.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.

The HHS Office for Civil Rights’ Fact Sheet: Ransomware and HIPAA provides additional information for entities regulated by the HIPAA rules and regulations.

Get added protection with TDIC’s Cyber Suite Liability coverage

TDIC policyholders with comprehensive Business Owner’s Commercial Property Insurance can benefit from the additional protection of Cyber Suite Liability. This policy is designed to help practice owners respond to a full range of cyber incidents, including data breaches, computer attacks and extortion.

CDA members can also take advantage of TDIC’s Risk Management cybersecurity resources, which provide an overview of cyber risks and targets and include guidance on how to respond to and mitigate a cyberattack.

TDIC’s Risk Management hub features additional resources, including seminars, eLearning and an advice line to help policyholders protect patients, staff and their practice.
