Hospitals are one of the favorite targets of ransomware hackers because hospitals simply can’t afford to have their IT down as it can cause severe harm or even death to patients. As a result when a hospital has its systems blocked by hackers it might be more willing to pay a ransom than any other type of organization in order to get their systems working again.
Recently, a debt collection company working with 657 healthcare providers announced that it had been the victim of a cyber attack. Hackers were able to obtain patients information including their name, address, social security number and medical information. It is unclear so far how many patients have been affected but this might have been of of the largest healthcare data breach of 2022.
CISA warns hospitals and healthcare providers of Maui ransomware
On Wednesday the government also warned hospitals that hackers sponsored by the North Korean Government have been targeting healthcare organization with Maui ransomware since 2021. The Cybersecurity & Infrastructure Security Agency released an alert to healthcare providers with technical details about the Maui ransomware, how to mitigate it and how to prepare for it in case mitigation fails.
One of the best way to mitigate the risk of cyber attack is to install updates for firmware, software and operating systems as soon as they are available. However big healthcare organizations and hospitals have so many different devices and systems that they often neglect to update them proprely and ultimately put their patients at risk of harm.
Other mitigation and prevention actions include:
- VPN and specific login information for Remote Protocol Desktop
- Training users and raising awareness about phishing and how to respond to it
- Multi-factor authentication (MFA) for webmail, VPN and accounts accessing sensitive information
- Only allowing administrators to install software
- Regular audit of accounts with high privileges
- Install and update antivirus
- Only use secure networks
- Add warning on emails coming from outside the organization
- disable hyperlinks in received emails
Healthcare organizations must make sure to have an encrypted back up of all their data offline and be prepared for a potential attack by having a cyber incident response plan and associated communication plan.
Read the alert from CISA
Read more in Healthcare Dive