Cyber crime is becoming more and more prevalent in healthcare. In 2015, the healthcare/medical sector ranked second in the number of breaches reported (35.4% of 780 total breaches) and first in the number of affected records (over 121 million records) according to the Identity Theft Resource Center.
Studies have shown that the number one risk to data in 2015 was hacking or phishing incidents. The #2 risk was employee error or negligence, which has more than doubled in the last three years, again according to the Identity Theft Resource Center.
On average it costs $10-30 per patient record to respond to a data breach. This includes the cost of notification expenses, legal fees, and related credit monitoring services. Additional costs such as IT forensics and potential fines or penalties could lead even a small breach to cost well over $100,000.
Please check here often for resources related to helping keep practices up-to-date on the latest in cyber security compliance and management.
Experian is forecasting that in 2017 healthcare organizations will be the most targeted sector. Electronic Health Records are likely to be a primary target for hackers. Deployment of new mobile applications by healthcare institutions introduces new vulnerabilities. Experian also predicts that ransomware will continue to be a top concern, particularly because the disruption to healthcare system operations could be catastrophic. Download the full forecast here.
KnowBe4, a security awareness training company, has released the 7 Urgent Reasons For Creating A Human Firewall.
The links and information below provide guidance issued from the U.S. Department of Health & Human Services and the Office for Civil Rights:
- Guidance issued regarding Petya Ransomware
- National Health Information-Sharing and Analysis Center has shared the following TLP-White Message and will continue to share information at nhisac.org.
- HITRUST has shared the following Threat Bulletin
- FBI FLASH: Indicators Associated With WannaCry Ransomware
- US-CERT has the most up-to-date information from the U.S. government.
- Entities with access to the NCCIC portal may log in here.
- Ransomware victims are urged to contact their FBI Field Office Cyber Task Force immediately to report a ransomware event.
- Report cyber incidents to the US-CERT and the FBI's Internet Crime Complaint Center.
- If your facility experiences a suspected cyberattack affecting medical devices, contact the FDA's 24/7 emergency line at 866.300.4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
- Cyber Security Checklist
- Cyber Security Infographic
- Ransomware Fact Sheet
- ONC Resources
How can I help protect myself from email-based ransomware attacks?
Ransomware can be delivered via email by attachments or links within the email. Attachments in emails can include documents, zip files, and executable applications. Malicious links in emails can link directly to a malicious website the attacker uses to place malware on a system. To help protect yourself, be aware of the following:
- Only open emails from people you know and that you are expecting. Even then, the attacker can impersonate the sender, or the computer belonging to someone you know may be infected without his or her knowledge.
- Don’t click on links in emails if you weren’t expecting them – the attacker could camouflage a malicious link to make it look like it is for your bank, for example.
- Keep your computer and antivirus up to date – this adds another layer of defense that could stop the malware.
How can I help protect myself from open RDP ransomware attacks?
Recently, attackers have been scanning the Internet for Remote Desktop Protocol (RDP) servers open to the Internet. Once connected, an attacker can try to guess passwords for users on the system, or look for backdoors giving them access. Once in, it is just like they are logged onto the system from a monitor and keyboard. To help protect yourself, be aware of the following:
- If you do not need RDP, disable the service on the computer. There are several ways of doing this based on which version of Microsoft Windows you are using.
- If RDP is needed, only allow network access where needed. Block other network connections using Access Control Lists or firewalls, and especially from any address on the Internet.
- Find which version of Microsoft Windows you are using.
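As an added example (not part of the HHS/OCR guidance above), the following PowerShell script carries out the three steps on a single Windows host: it reports the Windows version, checks whether RDP is enabled and listening, and then either disables RDP or restricts the built-in Remote Desktop firewall rules to an allowed management subnet. The 10.0.0.0/24 subnet is a constructed placeholder; run it from an elevated prompt on Windows 8 / Server 2012 or later.

```powershell
# Added example: audit and restrict RDP on a Windows host.
# Requires an elevated prompt and the NetSecurity module (*-NetFirewallRule).
param(
    # Constructed example subnet; replace with the network that actually needs RDP.
    [string[]]$AllowedSubnets = @('10.0.0.0/24'),
    # Use this switch on hosts that do not need RDP at all.
    [switch]$DisableRdp
)

# 1. Which version of Windows is this? (The disable/restrict steps differ by version.)
$os = Get-CimInstance -ClassName Win32_OperatingSystem
Write-Host "Windows version: $($os.Caption) ($($os.Version))"

# 2. Is RDP currently enabled and listening? fDenyTSConnections = 1 means RDP is off.
$tsKey  = 'HKLM:\SYSTEM\CurrentControlSet\Control\Terminal Server'
$denied = (Get-ItemProperty -Path $tsKey -Name fDenyTSConnections).fDenyTSConnections
$listening = Get-NetTCPConnection -LocalPort 3389 -State Listen -ErrorAction SilentlyContinue
Write-Host ('RDP allowed: {0}; listening on 3389: {1}' -f ($denied -eq 0), [bool]$listening)

if ($DisableRdp) {
    # 3a. Host does not need RDP: turn the service off and close the firewall rules.
    Set-ItemProperty -Path $tsKey -Name fDenyTSConnections -Value 1
    Disable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Host 'RDP disabled and Remote Desktop firewall rules turned off.'
}
else {
    # 3b. RDP is needed: keep it enabled but reachable only from the allowed subnets.
    # -RemoteAddress replaces the rules' default scope of "Any", so connections from
    # Internet addresses are dropped at the host firewall. This complements, but does
    # not replace, ACLs on the network perimeter.
    Set-NetFirewallRule -DisplayGroup 'Remote Desktop' -RemoteAddress $AllowedSubnets
    Enable-NetFirewallRule -DisplayGroup 'Remote Desktop'
    Write-Host "RDP restricted to: $($AllowedSubnets -join ', ')"
}

# 4. Show the resulting scope of each Remote Desktop rule so the change can be verified.
Get-NetFirewallRule -DisplayGroup 'Remote Desktop' | ForEach-Object {
    $addr = ($_ | Get-NetFirewallAddressFilter).RemoteAddress
    '{0}: enabled={1} remote={2}' -f $_.DisplayName, $_.Enabled, ($addr -join ',')
}
```

Re-run the script without `-DisableRdp` after any change to confirm that no Remote Desktop rule still shows `remote=Any`.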
What is HHS doing to secure their systems?
- HHS Office of the Chief Information Officer implemented an enterprise block across all OpDivs and StaffDivs and is ensuring all patching is up to date.
- HHS is working with Department of Homeland Security to scan HHS’ CIDR IP addresses through the DHS NCATS program to identify RDP and SMB
- HHS notified VA and DHA and shared cyber threat information.
- HHS is coordinating with National Health Service (England) and UK-CERT.
- HHS, through its law enforcement and intelligence resources with the Office of Inspector General and the Office of Security and Strategic Information, has ongoing communications and is sharing and exchanging information with other key partners, including the U.S. Department of Homeland Security and the Federal Bureau of Investigation.
Requests for information, impacts, and indicators:
Please notify firstname.lastname@example.org if:
- You identify a new attack vector for this ransomware other than email or the following ports: SMB share and RDP; or
- There are any impacts to patient care or supply chain distribution because of ransomware.
Please share any indicators or cyber threat information with the HHS Healthcare Cybersecurity and Communications Integration Center at HCCICemail@example.com.