FBI Alert: Ransomware Threat Affecting Healthcare Organizations
Aug 17, 2021

On May 20, 2021, the FBI issued an alert about a Conti ransomware threat affecting healthcare organizations. Organizations that fall victim to ransomware face significant disruptions. Here’s what you need to know about the latest Conti ransomware attacks and how to keep your practice safe from ransomware attacks.  

What You Need to Know About the Ransomware Threat Affecting Healthcare Organizations

The FBI identified 16 recent Conti ransomware attacks in the healthcare and public health sector, including attacks on critical infrastructure like emergency medical services and 9-1-1 dispatch centers. In these attacks, Conti actors steal data and encrypt your servers and workstations, blocking access. They then threaten to publish your data or sell it if you do not pay a ransom. Recent ransom requests have been as high as $25 million, though amounts vary widely.

Ransomware attacks can significantly disrupt healthcare operations. Attackers can block you from accessing your practice management or EHR system. They can also prevent critical data sharing among healthcare organizations. Without easy access to data, your practice may be forced to cancel appointments or otherwise delay patient care. 

For patients experiencing emergencies, any delay in access to data can be life-threatening. But even for routine primary care patients, ransomware attacks can delay care and threaten privacy and confidentiality. Office closures because of ransomware can disrupt patient schedules and lead to missed opportunities for preventive care.

Plus, if patients fear their data may be stolen and released, they may be less forthcoming with their healthcare providers. Having strong cybersecurity protections in place can make your patients feel more confident. These protections can also prevent your practice from facing significant disruptions because of ransomware attacks.

How to Protect Your Practice from Ransomware Threats Affecting Healthcare Organizations

The massive disruption of a ransomware attack often starts with a simple email. Phishing emails can trick your staff into installing ransomware by clicking on a malicious link or opening an attachment. But Conti ransomware attackers cannot steal data and encrypt servers if they cannot access your system. You can help protect your system by training your staff to spot and report phishing attempts. Keeping your staff acutely aware of the dangers of clicking links or opening attachments in suspicious emails is your best defense. You can also require administrator approval to install any software. These approaches, taken together, help prevent staff from accidentally installing ransomware.

Even with staff cybersecurity training, your system could still get infected with ransomware. All healthcare organizations should have up-to-date anti-virus and anti-malware software installed on every computer to find and delete malicious programs. You should also install any operating system and software updates as soon as they are released. This includes EHR upgrades, which may contain important additional security features. Regularly installing updates prevents attackers from taking advantage of known bugs or gaps in your software and operating system.

Not all ransomware comes in through malicious links or attachments. Attackers can also get access to your system by stealing passwords or remote desktop credentials. You can limit the risk of these types of attacks by strengthening your password requirements and requiring regular password changes. You can also require multi-factor authentication, including RSA tokens. If you allow remote access to your systems, disable any unused remote desktop accounts. You can also monitor all remote logins to your system to ensure only authorized users gain access.
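As an added illustration of the remote-login monitoring and unused-account review described above (example code, not from the FBI alert or from TempDev), the following script audits an exported list of remote desktop logons. The CSV columns, account names, trusted address range, and 30-day staleness window are all assumptions made for this example.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample export of remote desktop logons (hypothetical column layout).
SAMPLE_LOG = """timestamp,account,source_ip,result
2021-06-15T10:00:00,nurse3,10.0.4.40,success
2021-08-02T08:14:00,frontdesk1,10.0.4.21,success
2021-08-02T23:47:00,billing2,203.0.113.50,success
2021-08-03T02:05:00,olduser,198.51.100.7,failure
2021-08-03T02:06:00,olduser,198.51.100.7,failure
2021-08-03T02:07:00,olduser,198.51.100.7,success
2021-08-09T09:30:00,drsmith,10.0.4.33,success
"""

# Accounts approved for remote access (hypothetical names).
AUTHORIZED = {"frontdesk1", "drsmith", "billing2", "nurse3", "vendor_support"}
TRUSTED_PREFIXES = ("10.0.4.",)   # assumed office/VPN address range
STALE_AFTER = timedelta(days=30)  # assumed threshold for "unused"

def audit_remote_logins(log_text, authorized, as_of):
    """Return (findings, stale_accounts) for a CSV export of remote logons."""
    findings, last_success, failures = [], {}, {}
    for row in csv.DictReader(io.StringIO(log_text)):
        when = datetime.fromisoformat(row["timestamp"])
        acct, ip = row["account"], row["source_ip"]
        if row["result"] == "failure":
            failures[acct] = failures.get(acct, 0) + 1
            continue
        last_success[acct] = when
        if acct not in authorized:
            # Someone logged in remotely who is not on the approved list.
            findings.append(("unauthorized_account", acct, ip))
        elif not ip.startswith(TRUSTED_PREFIXES):
            # Approved account, but connecting from outside the expected range.
            findings.append(("untrusted_source", acct, ip))
        if failures.pop(acct, 0) >= 2:
            # Repeated failures followed by success can indicate a guessed password.
            findings.append(("success_after_failures", acct, ip))
    # Approved accounts with no recent successful login are candidates to disable.
    stale = sorted(a for a in authorized
                   if a not in last_success or as_of - last_success[a] > STALE_AFTER)
    return findings, stale

if __name__ == "__main__":
    found, stale = audit_remote_logins(SAMPLE_LOG, AUTHORIZED, datetime(2021, 8, 17))
    for kind, acct, ip in found:
        print(f"REVIEW {kind}: {acct} from {ip}")
    print("Consider disabling:", ", ".join(stale))
```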

You can also minimize the disruption of any ransomware attack by regularly backing up data. These backups should be password protected and air-gapped, meaning on a separate server or computer not connected to the internet. That way, if ransomware attackers steal your data and hold it for ransom, you can work from the backup data while the ransomware attack is resolved.

Finally, develop a cyber incident response plan. This plan should include instructions for reporting any cybersecurity incident, steps to prevent further damage to your systems, and protocols for continued operations during recovery. By developing a plan, you can help staff stay calm and focused during a cybersecurity incident. You can also ensure continued patient care while your practice recovers.

If you think your organization is the victim of a ransomware attack, or you notice any suspicious activity on your systems, contact CyWatch at the FBI. You can also report suspected phishing scams to that office.

How TempDev Can Help with the Ransomware Threats Affecting Healthcare Organizations

TempDev is here to help your practice reduce your risk of being exposed to ransomware threats. TempDev’s developers can help you upgrade your SQL servers, NextGen EHR, and EPM system to the latest version, implement backup procedures, and ensure secure data access that protects your patients’ privacy.

Call us at 888.TEMP.DEV or contact us here to schedule a consultation with TempDev to learn more about avoiding the ransomware threats affecting healthcare organizations.