A longtime leader in healthcare improvement, we’re developing new ways to revolutionize the industry.
Hackers are taking advantage of the coronavirus uncertainty to spread malware and execute ransomware attacks. They wasted no time hitting the U.S. Health and Human Services Department earlier this week. While these attacks are directed at consumers, the government and businesses alike, healthcare providers need to be extra vigilant, given sensitive data and information our systems house.
Ransomware attacks are highly impactful and require little sophistication to execute. Because of the devastating effect a cyber scam can have on a healthcare provider – jeopardizing the security of provider and patient data and operating systems – these scams continue to be one of the most effective ways for cyber criminals to make quick money.
These actions mirror the uptick we’re seeing in gray market activity and offers to hawk counterfeit supplies around COVID-19. Like with the gray market, with vigilance and communication about how to avoid these schemes, providers can protect themselves.
Education and awareness of ransomware attacks that leverage COVID-19 is the top priority. Both the Federal Trade Commission and the Cyber Security and Infrastructure Security Agency have issued alerts detailing how cyber criminals are using tactics, primary phishing, related to COVID-19 to spread ransomware.
Providers should educate employees to exercise caution with any communications they receive, particularly emails regarding COVID-19, so they are extra vigilant about coronavirus-related schemes. The more people who are aware of these schemes and risks, the more secure the organization will be.
Top pieces of information to communicate include:
While it’s easy for IT to be overshadowed by patient surges and supply sourcing, as hospitals stand up incident command structures, it’s smart to account for cyber security risks as well. This may include having IT personnel join the incident command team or provide daily updates to leaders about the integrity of their technology systems and any purported issues.
For further protection, some providers are also looking at non-traditional ways to share the risk of ransomware through expanded cyber security insurance.
Like handwashing and flossing, it’s a good idea to build in strong security practices into everyday efforts so that systems are fortified before, after and during a crisis. This includes a good back-up strategy, such as ensuring critical systems and data are backed-up to a secure location that is disconnected from the enterprise network; email security; multi-factor authentication; and malware protection. IT professionals should regularly train for potential cyber risks and develop crisis plans so they have clear action plans, such as pre-drafted messages to send leaders and the workforce, if cyber security is compromised.
As providers concentrate on efforts to care for an influx of patients and manage operations, cybercriminals continue to lurk on the boundaries of their businesses. Exercising caution with any communications regarding COVID-19 is an essential element to enhance providers’ ability to maintain operations and patient care during this time.
During COVID-19, Premier continues to act as a trusted connection point for healthcare providers, suppliers and the government. We are working 24/7 to address challenges as they occur and help our alliance of more than 4,000 hospitals and health systems and 175,000 non-acute providers access the supplies they need to serve their communities. We are also partnering with the Administration and private sector to create both short-term and long-term solutions, and sharing our insights to help inform the public understanding.