Reading Room Table Display

TitleContentOnline SourcePublication Dateonline_source_hfilter
Lawsuit: Health System Failed to Heed Ransomware Warnings

Gov Info Security, September 15, 2021

A proposed class action lawsuit filed this week against St. Joseph’s/Candler Health System in the wake of a recent ransomware breach affecting 1.4 million individuals alleges that the Georgia-based healthcare entity was “reckless” and “negligent” in safeguarding patients’ information.

Read full Gov Info Security article.

September 15, 2021
Ransomware groups continue assault on healthcare orgs as COVID-19 infections increase

MSN, September 13, 2021

Ransomware groups have shown no signs of slowing down their assault on hospitals, seemingly ramping up attacks on healthcare institutions as dozens of countries deal with a new wave of COVID-19 infections thanks to the potent Delta variant.

Read full MSN article.

September 13, 2021
U.S. healthcare hit by yet another cyberattack

Digital Journal, September 11, 2021

The U.S. medical body, California health center LifeLong Medical Care, has been struck by a ransomware attack. The attack was sufficiently wide to leak personally identifiable information of around 115,000 patients across numerous health organizations.

Read full Digital Journal article.

September 11, 2021
AZ Ransomware Attack Leads to Unrecoverable EHRs, Data Loss

Health IT Security, September 10, 2021

An Arizona medical center will have to rebuild thousands of patient records after a ransomware attack resulted in corrupted EHRs and data loss.

Read full Health IT Security article.

 

September 10, 2021
Recent Breaches Underscore High Healthcare Security Risk

Dark Reading, September 10, 2021

Healthcare institutions in California and Arizona are sending breach notification letters after attackers compromised thousands of patients’ data.

Read full Dark Reading article.

September 10, 2021
Healthcare orgs in California, Arizona send out breach letters for nearly 150 000 after SSNs accessed during ransomware attacks

ZD Net, September 10, 2021

LifeLong Medical Care and Queen Creek Medical Center were both hit with ransomware attacks over the past year.

Read full ZD Net article.

September 10, 2021
BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says

Health IT Security, September 9, 2021

HC3, HHS’s cybersecurity arm, released a threat brief breaking down the BlackMatter ransomware group’s origins, threat tactics, and likely targets.

Read full Health IT Security article.

September 9, 2021
Q&A: Mount Sinai’s Chris Frenz on Best Practices for Zero-Trust Implementation

Health Tech, September 9, 2021

Healthcare organizations should take the time to map out the assets and traffic within their environment when creating a new security framework.

Read full Health Tech article.

September 9, 2021
Ransomware attack wipes out Arizona clinic’s EHR, corrupts 35,000 patients’ records

Becker’s Health IT, September 9, 2021

Queen Creek, Ariz.-based Desert Wells Family Medicine recently began notifying 35,000 patients that their EHR data was compromised by a ransomware attack.

Read full Becker’s Health IT article.

September 9, 2021
BlackMatter Ransomware Attacks Threaten Healthcare, HC3 Says

Health IT Security, September 9, 2021

HC3, HHS’s cybersecurity arm, released a threat brief breaking down the BlackMatter ransomware group’s origins, threat tactics, and likely targets.

Read full Health IT Security article.

September 9, 2021
Risk to patient safety from cyberattacks critical, even as specifics about direct links remain elusive

SC Media, September 9, 2021

Critical attacks against health care thrived in the last year. Now, as patient volumes continue to surge in some parts of the country, safety concerns grow increasingly dire.

And yet, say experts, specific data that clearly demonstrates the impact of cyberattacks on patient care remains elusive. This reality, in fact, further complicates an already complex effort among health care providers to establish technology plans and processes that put patient safety and care first.

Read full SC Media article.

September 9, 2021
Cyber Vulnerability is Healthcare’s Modern Malaise

ET Healthworld, September 8, 2021

The healthcare industry makes for an easy target for malicious actors, given its relative nascency to cyber threats and the resultant lax cybersecurity practices.

Read full ET Healthworld article.

September 8, 2021
Listen: How ransomware put the health sector on notice

SC Media, September 8, 2021

Ransomware is not new in a sense that malware can encrypt files and do bad things, said Eric Decker, a chief information security officer in the health care industry. But around 2015 or 2016, he said organized crime began to leverage it as a tool in far more disruptive and destructive ways.

Read full SC Media article.

September 8, 2021
Why ransomware attacks in healthcare remain a problem – and how to stop them

SC Media, September 8, 2021

If data has value, then electronic health records are a treasure trove. Today’s emboldened and ever-more-sophisticated cyber criminals know this. With many healthcare organizations again stretched thin to address raising COVID-19 case counts, there’s little doubt that we will see a steady drumbeat of new ransomware attacks, building on the record number so far this year.

Read full SC Media article.

September 8, 2021
Healthcare Ransomware Attack in CA Involves PHI of 57K

Health IT Security, September 7, 2021

San Andreas Regional Center in California experienced a healthcare ransomware attack that may have exposed the PHI of over 57,000 individuals.

Read full Health IT Security article.

September 7, 2021
The Ideal Ransomware Victim: What Attackers Are Looking For

KELA, September 6, 2021

In July 2021, KELA observed threat actors creating multiple threads where they claimed they are ready to buy accesses and described their conditions. Some of them appear to use access for deploying info-stealing malware and carrying out other malicious activities. Others aim to plant ransomware and steal data.

Read full KELA article.

September 6, 2021
Beaumont Health Latest Victim of Accellion Data Breach

Health IT Security, September 3, 2021

Nearly nine months after the Accellion data breach, Beaumont Health in Michigan joined a list of over 11 healthcare organizations impacted by the cyberattack.

Read full Health IT Security article.

September 3, 2021
Why “Ransomware Insurance” Causes Healthcare Industry to Overlook Deeper, Underlying Security Issues

CPO Magazine, September 2, 2021

In most circumstances, insuring your organization against potential threats is a solid idea. Within this frame of logic, particularly for a healthcare organization, a sector where 34% of all organizations were hit by ransomware last year, insurance may seem like a good investment.

Read full CPO Magazine article.

September 2, 2021
How ransomware runs the underground economy

CSO, August 31, 2021

Ransomware gangs are adopting all the core elements of legitimate businesses—including defined staff roles, marketing plans, partner ecosystems, and even venture capital investments—and some hallmarks of more traditional criminal enterprises.

Read full CSO article.

August 31, 2021
CISA Releases Guidance on Protecting PII From Ransomware Attacks

Health IT Security, August 30, 2021

CISA released a fact sheet on protecting PII from ransomware attacks in light of recent high-profile cyberattacks that put personal data in jeopardy.

Read full Health IT Security article.

August 30, 2021
Outpatient Facilities Now Top Targets for Healthcare Data Breaches

Health IT Security, August 30, 2021

Cyber criminals are shifting their healthcare data breach targets away from hospitals and onto outpatient facilities and business associates, a new report shows.

Read full Health IT Security article.

August 30, 2021
FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia

MSN, August 27, 2021

FBI releases alert about Hive ransomware after attack on hospital system in Ohio and West Virginia.

Read full MSN article.

August 27, 2021
Infusion Pump Vulnerabilities Point to Gaps in Medical Device Security

Health IT Security, August 27, 2021

McAfee researchers discovered significant gaps in medical device security that may allow hackers to administer deadly doses of medications through an infusion pump.

Read full Health IT Security article.

August 27, 2021
CA Attorney General Calls Out Unreported Healthcare Data Breaches

Health IT Security, August 26, 2021

After multiple ransomware attacks went unreported, California’s attorney general issued a bulletin to providers reminding them to report healthcare data breaches.

Read full Health IT Security article.

August 26, 2021
Healthcare Ransomware Attack Leads to EHR Downtime in IN

Health IT Security, August 26, 2021

A healthcare ransomware attack in Indiana resulted in EHR downtime and potential exposure of patient and employee PII after bad actors released data online.

Read full Health IT Security article.

August 26, 2021
Healthcare Ransomware Attack at Indiana ENT Office Impacts 45K

Health IT Security, August 26, 2021

Indiana-based CarePointe ENT suffered a healthcare ransomware attack that may have exposed the PII and PHI of over 48,000 individuals.

Read full Health IT Security article.

August 26, 2021
Is Your Healthcare Organization Following These Four Ransomware Best Practices?

Security Boulevard, August 24, 2021

Healthcare is the most targeted sector for data breaches and ransomware attacks were responsible for almost 50% of all healthcare data breaches in 2020, according to the US Department of Health and Human Services Cyber Security Program 2021 Forecast. While ransomware has been a favorite among attackers for years now, the rate continues to rise each year.

Read full Security Boulevard article.

August 24, 2021
The rise of ransomware within healthcare

Open Access Government, August 23, 2021

David Higgins, EMEA Technical Director, CyberArk, explores three reasons why healthcare organisations are extra vulnerable to ransomware.

Read full Open Access Governmet article.

August 23, 2021
Health sector deals with ransomware, data breaches as COVID cases rise

SC Media, August 20, 2021

Ransomware actors are having a productive week with several ongoing outages in the health care sector, including Memorial Health System and Eskenazi Health. What’s worse, the pervasive threat is continuing to disrupt the health sector, as it continues to battle another COVID-19 wave.

Read full SC Media article.

August 20, 2021
THE PANDEMIC REVEALED THE HEALTH RISKS OF HOSPITAL RANSOMWARE ATTACKS

The Verge, August 19, 2021

In late October 2020, the University of Vermont Health Network was hit by a ransomware attack. The system couldn’t access electronic health records for nearly a month. Every computer at UVM Medical Center was infected with malware. Hospitals in the network delayed chemotherapy and mammogram appointments, just as COVID-19 cases in the United States started to tick upward in what would become an enormous winter wave.

Read full The Verge article.

August 19, 2021
US healthcare org sends data breach warning to 1.4m patients following ransomware attack

The Daily Swig, August 19, 2021

The medical and financial data of 1.4 million people was potentially exposed earlier this year in the latest ransomware attack to hit a major US healthcare provider.

St. Joseph’s/Candler (SJ/C), the largest healthcare network in Savannah, Georgia, says in a statement that it first detected the breach on June 17.

After it isolated its systems, an investigation carried out with the help of external security firms found that the attackers had originally gained access on December 20 last year.

Read full The Daily Swig article.

August 19, 2021
Ransomware attack knocks out systems at Ohio and W. Virginia healthcare provider

Silicon Angle, August 17, 2021

The Memorial Health System, a healthcare provider in Ohio and West Virginia, has been struck by a ransomware attack that knocked systems offline and forced hospital staff to use paper charts.

Read full Silicon Angle article.

August 17, 2021
Surgeries canceled, care diverted as Memorial Health responds to cyberattack

SC MEDIA, August 16, 2021

Memorial Health System in Ohio is currently operating under electronic health record (EHR) downtime procedures and diverting emergency care patients, after a cyberattack struck its network during the early hours of Sunday, Aug. 15. All radiology exams and urgent surgical cases scheduled for Aug. 16 have also been canceled as a result.

Read full SC Media article.

August 16, 2021
Ransomware in Healthcare: The Costly Reality of Withstanding Hackers

HIT Consultant, August 13, 2021

How much larger a percentage of U.S. gross domestic product (GDP) can healthcare command?

This isn’t a rhetorical question, even if it may be difficult to come up with a direct answer.

Read full HIT Consultant article.

August 13, 2021
How Health Facilities Can Prevent, Mitigate Ransomware in 2021

Health IT Security, August 13, 2021

Ransomware is continuing to impact the healthcare industry, which has seen a rise in cyber-attacks since the start of the pandemic.

Read full Health IT article.

August 13, 2021
Two ransomware gangs, Vice Society and Magniber, said to launch attacks via PrintNightmare

SC MEDIA, August 13, 2021

Researchers over the past couple of days reported that two different ransomware gangs — one fairly new, the other several years old — have been actively exploiting the PrintNightmare vulnerability in the Windows Print Spooler service to launch ransomware attacks.

Read full SC Media article.

August 13, 2021
Medtechs need to up their cybersecurity threat modeling game, FDA says

Medtech Dive, August 13, 2021

Medtech companies must design and develop devices that “have far more robust security built in” to keep pace with emerging cybersecurity threats and vulnerabilities, said Suzanne Schwartz, director of CDRH’s Office of Strategic Partnerships and Technology Innovation. To do that, Schwartz says medtechs need better threat models that lay out what hackers might do to target a device and how to protect it.

Read full Medtech Dive article.

August 13, 2021
Reality of health care threats disconnected from cybersecurity investments

SC MEDIA, August 12, 2021

Despite the health care sector remaining a prime target for threat actors, many provider organizations don’t see cybersecurity investment as a priority and few name cyber as a high priority spend, according to a new report from CyberMDX in collaboration with Philips.

Read full SC Media article.

August 12, 2021
H-ISAC warns actors abusing RTLO in phishing campaign against health care

SC MEDIA, August 11, 2021

A recent Health Information Sharing and Analysis Center (H-ISAC) alert warns that threat actors are targeting the health care sector with phishing attacks that leverage legitimate right-to-left override (RTLO) Unicode to appear benign and evade detection.

Read full SC Media article.

August 11, 2021
Ransomware Attack on GA Health System Impacts Staff, Patients’ PHI

HEALTH IT SECURITY, August 11, 2021

A Georgia healthcare system sustained a cyberattack, with hackers targeting patients’ and staff members’ PHI.

Read full Health IT Security article.

August 11, 2021
Data Breach at Georgia Health System

INFO SECURITY MAGAZINE, August 11, 2021

A health system in Georgia has begun notifying patients of a six-month-long data breach that culminated in a ransomware attack.

Read full Info Security Magazine article.

August 11, 2021
Hospital: Patient information may have been stolen in St. Joseph’s/Candler ransomware attack

MSN, August 11, 2021

Leaders with St. Joseph’s/Candler said some employee and patient information may have been taken during June’s ransomware attack.

Read full MSN article.

August 11, 2021
Top 5 ransomware operators by income

MSN, August 11, 2021

Jack Cable, a security architect at Krebs Stamos group, and a former U.S. Cybersecurity and Infrastructure Security Agency worker, has started a ransomware payments tracking site called Ransomewhere.

Read full SC Media article.

August 11, 2021
HIMSS21: Your healthcare organization is crippled by ransomware. Should you pay the attackers?

FIERCE HEALTHCARE, August 10, 2021

Cyberattacks have ramped up in recent years, and there’s now a strong chance that any given health organization will, at some point, be hit with ransomware.

Read full Fierce Healthcare article.

August 10, 2021
Eskenazi Health remains on diversion days after ransomware attack

MSN , August 10, 2021

Eskenazi Health remains on diversion for patients coming by ambulance nearly a week after an attempted ransomware attack that led the hospital to shut down its entire computer network.

Read full MSN article.

August 10, 2021
Attack sophistication means health care cybersecurity requires digital resilience

SC Media, August 6, 2021

Cybercriminals have not taken a vacation during the pandemic and have continued to modify their tactics to great success. Recent security incidents reflect the nature of the threat landscape and serve as a reminder that even entities with strong cybersecurity practices can be exploited.

Read full SC Media article.

August 6, 2021
Intelligence Driven Exercises and Solutions (IDEAS): An uncomplicated approach for solving complicated problems

Q&A with Theresa Fersch

Theresa Fersch is a Principal Systems Engineer with 15 years of exercise design and development expertise.

 

What is IDEAS?

As part of our continued focus on solving problems for a safer world, MITRE recognizes that one of our nation’s greatest challenges is that threats and adversaries are constantly evolving. Technology advances by leaps and bounds, our adversaries are becoming faster and stronger, and disruptions are becoming even more disruptive. To stay ahead of the game, we must continuously be checking and refining our assumptions, methods, and strategies. Tabletop exercises are a form of serious games that have long been used by the Department of Defense (DOD), Department of Homeland Security (DHS), the Intelligence Community (IC), and other government agencies to sharpen their focus on a problem set and their understanding of the people, processes, and technologies associated with them. Based on our previous experience, MITRE experts have developed a methodology for implementing and scaling table top exercises we call Intelligence Driven Exercises and Solutions or IDEAS.

Why is MITRE unique?

Over the last 15 years, I have led a small team of diverse subject matter experts (SME) at MITRE in tackling some of our nation’s greatest challenges by compiling lessons learned and best practices in tabletop exercise development to create a scalable and tailored methodology that can be applied to any problem set or industry.

So how did we do this?

We began with traditional tabletop exercise and wargaming methodologies and enhanced them by applying systems engineering principles and making a few key changes. We have leveraged MITRE’s culture of speed and adaptability to identify areas within these tried-and-true methods that can be standardized, replicated, and repeated. Our collaborative focus has helped us learn that by cross-pollinating expertise or applying different types of expertise to the problem set, we can identify new threats or vulnerabilities, and therefore new solutions, that might not necessarily be explored by those who are deeply familiar with the problem. By encouraging participation from specific subject matter experts, IDEAS leads build high performance teams to uniquely tailor each exercise and ensure a high degree of relevance to the problem set being explored. Our exercises and solutions provide an environment wherein participants can safely and boldly explore dynamic problem sets in unique ways to bolster understanding, identify areas for improvement, develop actionable recommendations, and harvest lessons learned.

Applying to cyber in the healthcare sector

While IDEAS began as an exercise methodology for the intelligence community, MITRE has since applied this method to numerous industries and sectors. To date, we have developed and conducted exercises ranging across cybersecurity, healthcare, economics, transportation, intelligence, international relations, defense, supply chain, and emergency management.

Most recently, MITRE has been working with Health Delivery Organizations (HDOs) across the country to build and conduct exercises with a focus on stressing, improving, and validating responses to cyberattacks.

Cyberattacks can have devastating impacts not only from a business continuity perspective, but from a patient health and safety perspective as well. We work with HDOs to fully understand their ecosystems: the roles and responsibilities of key security and emergency response personnel involved, the processes, procedures, and plans currently in place, and their technical capabilities and systems. This vital information, combined with MITRE’s extensive expertise in cybersecurity, informs exercise development to produce exercises that are relevant, realistic, and effective at exercising an HDO’s response to cyberattacks.

We exercise concepts such as:

  • Ransomware
  • Extortion demands
  • Negative impacts on electronic health records (EHR), medical devices, and clinical operations
  • Interactions with pharmacies and other external partners
  • Disaster recovery
  • Business continuity during system downtime
  • Communications across the organization
  • Executive level decision making
  • Patient harm
  • Adverse publicity

It is our goal to ensure everyone who works with us is fully prepared to handle cyber attacks on their healthcare systems.

Interested in conducting table top exercises at your organization?

Learn more about how MITRE can help support your organization: https://healthcyber.mitre.org/blog/resources/cyber-tabletop-exercises/

August 6, 2021
Ransomware Attack Forces Indiana Hospital to Turn Ambulances Away

Yahoo! News, August 5, 2021

Hackers are going after U.S. hospitals with a fresh wave of cyberattacks this week just as coronavirus cases surge around the country.

Eskenazi Health, a health-care service provider that operates a 315-bed hospital, inpatient facilities, and community health centers throughout Indianapolis, was crippled by a ransomware attack that began between 3:30 and 4 a.m. Wednesday morning, a spokesperson told The Daily Beast.

Read full Yahoo! News article.

August 5, 2021
CISA forms public-private partnership to fight ransomware, work on cyber defense strategy

SC Media, August 5, 2021

The Cybersecurity and Infrastructure Security Agency announced Thursday the formation of a new committee that will bring government and industry together to work on cybersecurity issues. The move continues the Biden administration’s more proactive stance on cyber that began in May.

Read full SC Media article.

August 5, 2021
Sanford Health, Eskenazi Health recovering from cyberattacks in EHR downtime

SC Media, August 5, 2021

Cyberattacks on two U.S. health systems have forced the providers into electronic health record (EHR) downtime procedures: Sanford Health in South Dakota and Eskenazi Health in Indianapolis, according to multiple local news outlets and statements from the health systems.

Read full SC Media article.

August 5, 2021
Phishing scheme targets unemployment insurance benefits and PII

FTC Consumer Information, August 4, 2021

Have you gotten an alarming text message about your unemployment insurance benefits from what seems to be your state workforce agency? You’re not alone. Identity thieves are targeting millions of people nationwide with scam phishing texts aimed at stealing personal information, unemployment benefits, or both.

Read full FTC Consumer Information article.

August 4, 2021
How precise email analysis reduces healthcare ransomware threats

Fed Scoop, August 4, 2021

The healthcare industry has come under intensified attacks by malicious actors over the last year amid new opportunities to target institutions during the COVID-19 pandemic.

Among various cyberthreats the healthcare industry faces, ransomware poses particular risks to the patients these institutions are serving. While the goal of ransomware attacks is to extract a payment, the consequences of holding health organizations’ IT systems hostage puts patient safety and critical care at risk.

Read full Fed Scoop article.

August 4, 2021
Italian vaccination registration system down in apparent ransomware attack

NBC News, August 2, 2021

Residents of the Lazio region, which includes Rome, will not be able to book new appointments for several days, the region’s president said. Hackers have attacked the vaccination registration system in one of Italy’s largest regions, temporarily blocking residents from booking new vaccination appointments.

Read full NBC News article.

August 2, 2021
PwnedPiper threatens thousands of hospitals worldwide, patch your systems now

IBM, August 2, 2021

Nine critical vulnerabilities in a popular hospital pneumatic tube software could give attackers control of infrastructure and allow them to launch additional attacks that cripple healthcare operations.

Read full IBM article.

August 2, 2021
UF Health admits patient data may have been compromised in ransomware attack

Villages-News, July 31, 2021

Two months after a ransomware attack was launched on its computer systems, UF Health-The Villages Hospital is admitting that patient data may have been compromised.

The attack was discovered over the Memorial Day weekend at the hospital in The Villages and its sister medical center in Leesburg. Although UF Health initially shrugged it off as a “glitch,” the truth poured out through accounts of patients and staff who described the nightmare which accompanied the ransomware attack.

Read full Villages-News article.

July 31, 2021
FBI tells Congress ransomware payments shouldn’t be banned

MSN, July 28, 2021

Congress should not attempt to address the threat of ransomware by making ransom payments to cybercriminals illegal, a top FBI official told US lawmakers Tuesday.

Read full MSN article.

July 28, 2021
Why healthcare security needs urgent care

Hospital Healthcare, July 28, 2021

Increased ransomware incidents in health care require stringent protection of critical systems and data.

Australia’s healthcare sector has been the target of increased cybersecurity incidents since COVID-19 forced digital care into the spotlight. Sensitive data collected by healthcare providers, as well as their increased reliance on cloud-based services and telehealth, make the industry a prime target.

Read full Hospital Healthcare article.

July 28, 2021
FACT SHEET: Biden Administration Announces Further Actions to Protect U.S. Critical Infrastructure

White House, July 28, 2021

The Biden Administration continues to take steps to safeguard U.S. critical infrastructure from growing, persistent, and sophisticated cyber threats.

Read full White House fact sheet.

July 28, 2021
When Ransomware Group REvil Vanished, Its Victims Were Stranded

Bloomberg, July 27, 2021

Ransomware attacks always hurt—but perhaps never more so than when the victim is compromised through the very company they pay for IT and security services. That’s what happened to the nearly 1,500 targets attacked through a vulnerability at Kaseya Ltd., an IT management and antivirus software provider.

Read full Bloomberg article.

July 27, 2021
Relentless cyberattacks are putting financial pressure on hospitals: Fitch Ratings

Fierce Healthcare, July 26, 2021

A historic jump in the number and severity of cyber assaults on hospitals during the last 18 months will cause “material revenue and expense pressures” on nonprofit hospitals and health systems, according to a report from Fitch Ratings.

The sector is viewed as a target-rich environment due to the large amount of sensitive data that healthcare entities maintain for patient care and operations.

Read full Fierce Healthcare article.

July 26, 2021
How Can Congress Aid Healthcare Cybersecurity, Fight Ransomware?

Health IT Security, July 22, 2021

Witnesses testified before Congress this week, noting that the healthcare sector needs help battling cyberattacks and ransomware.

Read full Health IT Security article.

July 22, 2021
Second FinCEN Exchange on Ransomware to Take Place in August

FinCEN, July 15, 2021

The Financial Crimes Enforcement Network (FinCEN) today announced it will convene a FinCEN Exchange in August 2021 with representatives from financial institutions, other key industry stakeholders, and federal government agencies to discuss ongoing concerns regarding ransomware, as well as efforts by the public and private sectors. The FinCEN Exchange will build upon FinCEN’s November 2020 event on ransomware. FinCEN anticipates that this FinCEN Exchange will assist its government and private sector partners to inform next steps to address ransomware and focus resources to mitigate the threat.

Read full FinCEN article.

July 15, 2021
Rewards for Justice – Reward Offer for Information on Foreign Malicious Cyber Activity Against U.S. Critical Infrastructure

U.S. Department of State, July 15, 2021

The U.S. Department of State’s Rewards for Justice (RFJ) program, which is administered by the Diplomatic Security Service, is offering a reward of up to $10 million for information leading to the identification or location of any person who, while acting at the direction or under the control of a foreign government, participates in malicious cyber activities against U.S. critical infrastructure in violation of the Computer Fraud and Abuse Act (CFAA).

Read full U.S. Department of State article.

July 15, 2021
White House announces ransomware task force — and hacking back is one option

Politico, July 14, 2021

The administration is promoting efforts to help agencies go on defense and offense against hackers whose economically paralyzing attacks pose a growing threat to the U.S.

Read full Politico article.

July 14, 2021
Report: Cyberattacks drive 185% spike in health care data breaches in 2021

SC Media, July 13, 2021

More than 22.8 million patients have been impacted by a health care data breach so far in 2021, a whopping 185% increase from the same time period last year where just 7.9 million individuals were affected according to a new report from Fortified Health Security.

Read full SC Media article.

July 13, 2021
Hacking group behind widespread ransomware attacks disappears online

Washington Post, July 13, 2021

A cybercriminal group that took responsibility for a massive ransomware attack that affected hundreds of businesses this month has disappeared from sight online.

REvil, which is thought to be based in Russia, was not in its usual places on the “dark web” and the regular Internet on Tuesday. Many researchers have blamed the group for the huge hack that hit technology services provider Kaseya just hours before the beginning of the Fourth of July weekend.

Read full Washington Post article.

July 13, 2021
The Ransomware Crime Wave Has Made Zero Trust Critical

eWEEK, July 12, 2021

Zero trust proceeds from the foundational framework that no individual, no device, no application, no thing can be trusted as secure.

The spate of ransomware attacks that have shaken the U.S. in recent weeks has generated a lot of media coverage, much of it focusing on the more sensationalistic aspects of the incidents and their fall out.

Read full eWEEK article.

July 12, 2021
Could allowlisting reduce the impact of ransomware, cyberattacks on health care?

SC Media, July 12, 2021

A recent IDC report confirmed the health care sector is more vulnerable to the consequences of cyberattacks than other industries and the most likely to suffer application downtime, with 53% of covered entities reporting downtime after an attack.

Read full SC Media article.

July 12, 2021
Practice Management Software Vendor Practicefirst Affected by Healthcare Ransomware Attack

Heimdal Security, July 7, 2021

New York-based Practicefirst Medical Management Solutions, a medical management company that processes data for health care providers, declared that a 2020 healthcare ransomware attack may have exposed personally identifiable information (PII) of patients and work staff.

Read full Heimdal Security article now.

July 7, 2021
Dominion National reaches $2M settlement over nine-year data breach

SC Magazine, July 6, 2021

Insurance giant Dominion National reached a $2 million settlement with the 2.9 million patients affected by its nine-year data breach, first reported in 2019. The security incident was the second-largest breach reported to the Department of Health and Human Services that year.

Read full SC Magazine article.

July 6, 2021
Healthcare Ransomware Attack Targets Practice Management Vendor

Health IT Security, July 5, 2021

Practice management vendor Practicefirst announced a 2020 healthcare ransomware attack that may have exposed patient and employee PII.

Read full Health IT Security article.

July 5, 2021
Customized threat intelligence can track down ransomware gangs

SC Media, July 2, 2021

Organizations across the world are now beginning to realize that traditional security measures are largely ineffective against the current generation of increasingly sophisticated ransomware attacks.

Read full SC Media article.

July 2, 2021
More ‘actionable’ intel needed from HHS to support health IT security

SC Magazine, June 29, 2021

The Department of Health and Human Services has made progress in threat sharing efforts to support cybersecurity within its partnerships and the health care sector. But the Government Accountability Office found areas where HHS could better coordinate its efforts to support department information sharing and overall health IT security.

Read full SC Magazine article.

June 29, 2021
UK healthcare sector must protect itself against cybercrime, experts say

Pharmaceutical Technology, June 29, 2021

The National Cyber Security Centre defended the UK health sector from over 700 attacks between September 2019 and August 2020.

In May 2017, a global ransomware attack known as WannaCry affected hundreds of thousands of computers around the world – including those belonging to the NHS, which saw 80 of out 236 trusts across England compromised. Four years on, the healthcare sector remains the top target for cyberattacks.

Read full Pharmaceutical Technology article.

June 29, 2021
REvil STrikes Again – Ransomware Attack on UnitingCare Queensland

The National Law Review, June 28, 2021

Following a ransomware infection in late April, UnitingCare Queensland has suffered a nearly 2 month long ordeal to regain control of its systems. UnitingCare was a victim of malware called Sodinokibi/REvil which encrypted its files and attempted to delete backups.

The attack shutdown a range of UnitingCare’s core systems and forced its facilities to revert to paper-based and manual workarounds to continue operating.

Read full National Law Review article.

June 28, 2021
Hoya Optical Labs Notifies Consumers of Healthcare Ransomware Attack

Health IT Security, June 25, 2021

Hoya Optical Labs sent notices to customers alerting them of a healthcare ransomware attack in April that exposed personally identifiable information.

Read full Health IT Security article.

June 25, 2021
The human cost of ransomware: Disruption to Irish health service will continue for months

ZDNet, June 24, 2021

Patients in Ireland told to continue to expect delays or cancellations to appointments after its health service was hit with ransomware in May.

Read full ZDNet article.

June 24, 2021
UVM Health Continues to Feel Effects of Ransomware Attack

Health IT Security, June 24, 2021

Eight months after a ransomware attack that incurred costs upwards of $63 million, UVM Health continues to experience setbacks and financial losses.

Read full Health IT Security article.

June 24, 2021
Ransomware Attack on Eye Clinic Chain Affects 500,000

Info Risk Today, June 24, 2021

Wolfe Eye Clinic, which operates diagnostic and surgical centers in 40 Iowa communities, is notifying 500,000 current and former patients that their data may have been inappropriately accessed during a recent ransomware attack. But the organization refused to pay a ransom.

Read full Info Risk Today article.

June 24, 2021
FBI Investigates Georgia Health System Ransomware Attack

Government Technology, June 24, 2021

Nearly a week after a ransomware attack was first detected at St. Joseph’s/ Candler, the Savannah, Ga., area’s largest health-care system is still not yet back to normal as officials work with the FBI on the incident.

Read full Goverment Technology article.

June 24, 2021
OSU Data Breach Impacts Veterans, More Ransomware Attacks

Healthcare IT Security, June 24, 2021

Other recent healthcare data breaches include a ransomware attack in Mississippi and a breach at an Iowa eye clinic.

Read full Healthcare IT Security article.

June 24, 2021
Entity-Level Encryption: The Only Defense Against Ransomware

Forbes, June 23, 2021

As if encrypting your data for ransom wasn’t enough, an even more nefarious development has increased the impact of ransomware events on businesses. Cybercriminals have been copying and downloading data to their own servers before encrypting the data on the victims’ computers, giving the hackers two methods for financial gain.

Read full Forbes article.

June 23, 2021
Health Cos. Must Prepare For Growing Ransomware Threat

Health Law Advisor, June 23, 2021

Alaap Shah and Stuart Gerson of Epstein Becker Green have written an Expert Analysis on Law360 that will be of interest to our readers: “Health Cos. Must Prepare for Growing Ransomware Threat.”

Go to Health Law Advisor to read full excerpt and download the PDF.

June 23, 2021
How Kelsey-Seybold Clinic recovered from a ransomware attack

Healthcare IT News, June 23, 2021

The provider’s CISO and CTO offers some best practices for pulling through an attack – and describes how to bolster cyber defenses so it doesn’t happen again.

Read full Healthcare IT News article.

June 23, 2021
Georgia St. Joseph’s/Candler health system shifts to downtime procedures amid ransomware attack

SC Magazine, June 22, 2021

A ransomware attack against Georgia-based St. Joseph’s/Candler on June 17 spurred network outages and forced clinicians into EHR downtime procedures. Five days later, the workforce is continuing to use paper records for patient appointments.

Read full SC Magazine article.

June 22, 2021
Health care system faces ‘very real’ threat of ransomware attacks

News Center Maine, June 16, 2021

Criminals usually target hospitals for medical records, since they can sell for 200 to 500 dollars on the dark web compared to 14 dollars for financial records.

Read full News Center Maine article.

June 16, 2021
HHS Shares Resources for Avoiding Ransomware Attacks

American College of Radiology, June 16, 2021

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is encouraging organizations to familiarize themselves with the growing threat of ransomware — malicious software that blocks access to a computer system until an amount of money (ransom) is paid — and to take steps to avoid the threat. HHS recently provided links to online government resources to help healthcare facilities protect their computer systems from the ransomware threat.

Read full list of resources on acr.org.

June 16, 2021
Health care ransomware attacks: Oklahoma health system driven to EHR downtime

SC Magazine, June 16, 2021

Stillwater Medical Center was hit with a ransomware attack on June 13 and is currently operating under electronic health record downtime as it attempts to bring its systems back online. The health system operates a number of care sites, specialist offices, hospitals and clinics in Oklahoma.

According to the health care provider, the IT team quickly moved to ensure the security of the environment after the incident impacted access to certain systems. Upon discovery, officials contacted law enforcement and engaged with a computer forensic firm to assist with the recovery process.

Read full SC Magazie article.

June 16, 2021
Cybersecurity for healthcare systems, medical devices more critical than ever

Today’s Medical Developments, June 11, 2021

Rise in ransomware attacks forcing hospitals to harden cybersecurity.

Cybercriminals have stepped up their game during the pandemic, launching ransomware attacks at a frenzied pace. In 2020, more than 90 U.S. healthcare organizations reported ransomware attacks, which affected over 600 separate clinics, hospitals and organizations and 18 million-plus patient records.

Read full Today’s Medical Developments article.

June 11, 2021
Opinion: We at Scripps Health were victims of a ransomware attack. Here’s what we’ve learned.

The San Diego Union-Tribune, June 10, 2021

This past year, we’ve witnessed doctors, nurses and hospitals on the front lines of the COVID-19 pandemic performing heroically in the face of the most difficult circumstances seen in a century. Just as it seems hospitals and health-care systems may be rounding a corner on coronavirus, the cybersecurity threat has been covertly plaguing our hospital systems and critical care facilities.

Read full San Diego Union-Tribune article.

June 10, 2021
Ransomware Attacks: CISA Shares Operational Tech Asset Security Guide

Health IT Security, June 10, 2021

In response to ongoing ransomware attacks targeting operational tech assets and control systems of critical infrastructure entities, CISA published a guide to mitigation and response.

Read ful Health IT Security article.

June 10, 2021
What Happens After a Ransomware Attack in the Health IT Environment?

Health IT Security, June 9, 2021

CyberMDX’s Ido Geffen takes a hard look at ransomware attacks within a healthcare environment, including what providers are getting wrong and needed security mitigations.

Read full Health IT Security article.

June 9, 2021
Cyberattack Drives 2 UF Health Hospitals to EHR Downtime

Health IT Security, June 7, 2021

Reports show UF Health in Central Florida leadership is looking into a cyberattack against two of its hospitals, while operating under EHR downtime procedures.

Read full Health IT Security article.

June 7, 2021
White House urges US companies to take ransomware seriously

Tech Republic, June 3, 2021

A new White House memo to business leaders underscores the threat of ransomware and offers advice on how to protect their companies.

Read full Tech Republic article.

June 3, 2021
Ransomware gang behind Ireland attack also hit US health and emergency networks

MSN, May 23, 2021

The ransomware attack that hobbled the Irish healthcare system was far from an isolated incident.  BleepingComputer and Gizmodo note that the FBI has issued a flash alert warning that the ransomware group behind the Ireland attack also targeted “at least” 16 healthcare and emergency networks, including police and 911 dispatch centers.  The group used Conti ransomware that steals files, encrypts systems and pressures victims into paying through a portal lest their data be sold or published online.

Read full MSN article.

May 23, 2021
FBI says Conti ransomware gang has hit 16 U.S. health and emergency networks

SC Media, May 21, 2021

The Federal Bureau of Investigation said that the same group of online extortionists blamed for striking the Irish health system last week have also hit at least 16 U.S. medical and first response networks in the past year.

Read full SC Media article.

May 21, 2021
Ransomware attack on health care company, CaptureRx, exposes multiple providers

SC Media, May 10, 2021

A ransomware attack against CaptureRx, a drug-related administrative service provider in San Antonio, Texas, resulted in the exposure of the health information of patients or customers at several health care providers across the U.S., reports ZDNet.

Read full SC Media article.

May 10, 2021sc-media
Ransomware Task Force releases long-awaited recommendations

SC Media, April 29, 2021

The Ransomware Task Force (RTF), a collaboration of more than 60 stakeholders, released its long-awaited ransomware framework on Thursday morning, advocating nearly 50 interlocking government and private sector strategies to tackle the criminal scourge.

Read full SC Media article.

April 29, 2021sc-media
Homeland Security Secretary Backs Call for Mandatory Disclosure of Ransomware Payments

NEXTGOV, April 29, 2021

DHS Secretary Alejandro Mayorkas said the department will work with a task force developed by the private sector on ways to tamp down the increase in ransomware attacks.

Read full NextGov article.

April 29, 2021nextgov
Health Care Ransomware Strains Have Hospitals in the Crosshairs

SECURITY INTELLIGENCE, April 23, 2021

The language of digital attacks shares a lot with the language of disease: ‘viruses’ ‘infect’ computers, and stopping their spread can be like trying to keep down a contagious disease.

Read full Security Intelligence article.

April 23, 2021security-intelligence
Emerging Tech Shapes the Next Generation of Military Health Care

GOVERNMENT CIO MEDIA & RESEARCH, April 19, 2021

Automation and AI can support medical decision-making on the battlefield, but security remains crucial.

Read full Government CIO Media & Research article.

April 19, 2021government-cio-media-research
Healthcare Organizations: Moving to High Alert for Ransomware

CSO ONLINE, April 13, 2021

Numerous healthcare facilities were attacked in the last year, including one incident in Germany that lead to a death when ransomware locked systems and a patient needing critical care was turned away.

Read full CSO Online article.

April 13, 2021cso-online
Healthcare’s Data Extortion Problem, and How to Prepare for Ransomware

HEALTH IT SECURITY, April 12, 2021

Data extortion attempts are now occurring in at least 70 percent of all ransomware attacks. How can healthcare providers best combat these pervasive tactics?

Read full Health IT Security article.

April 12, 2021health-it-security
BioTel Heart vendor breach left patients’ information public for nearly a year

Becker’s Health IT, April 5, 2021

BioTel Heart began informing 38,575 patients that a vendor data breach may have left their personal information exposed for nearly a year.

In a data breach notice, BioTel Heart said that on Jan. 28, the healthcare provider was informed about the data breach. It launched an investigation and learned that patients’ personal information was accessible to the public between Oct. 17, 2019, and Aug. 9, 2020.

Read full Becker’s Health IT article.

April 5, 2021
Hackers claim they stole Stanford Medicine data, posted info online: 4 things to know

Becker’s Health IT, April 5, 2021

Stanford University is investigating claims that hackers stole personal data from its medical school and published the information online.

Read full Becker’s Health IT article.

April 5, 2021
Ransomware attack affects 750,000 Personal Touch patients, employees across U.S.

Becker’s Health IT, April 5, 2021

Personal Touch Holding Corp., the parent company of Personal Touch Home Care centers across the U.S., recently began notifying 753,107 patients and employees of a ransomware attack on its cloud-stored business records.

The data breach occurred between Jan. 20 and Jan. 27. On Jan. 27, Lake Success, N.Y.-based Personal Touch became aware of the cyberattack on the private cloud hosted by its service providers, a news release said.

Read full Becker’s Health IT article.

April 5, 2021
Cybercriminals accessed Maryland orthopedic center’s emails for a year, affecting 125,000

Becker’s Health IT, April 5, 2021

On March 25, the Bethesda, Md.-based Centers for Advanced Orthopaedics began notifying 125,291 patients, employees and dependents of a cyberattack that took place over a yearlong breach.

In a news release, the orthopedics center said that on Sept. 17, 2020, it identified unusual email activity and launched an investigation with assistance from cybersecurity experts. The investigation found that multiple employee email accounts were accessed by a cybercriminal between October 2019 and September 2020.

Read full Becker’s Health IT article.

April 5, 2021
Health care organizations funnel dollars into security as pandemic, medical developments drive surge in attacks

SC Media, April 1, 2021

Organizations move on plans to strengthen security policies, increase training, invest in technology.

Read full SC Media article.

April 1, 2021
Ransomware attack alert! The tell-tale signals to look for

Computing, March 31, 2021

Patterns of unusual behaviour are the clearest signal of an attack, not programmes or files.

Read full Computing article.

March 31, 2021
Minnesota clinic transitions to Allina Health’s EHR after ransomware attack

Becker’s Health IT, March 31, 2021

Apple Valley (Minn.) Clinic, part of Minneapolis-based Allina Health, recently transitioned to the health system’s EHR platform following a ransomware attack on its tech services vendor that exposed nearly 158,000 patients’ information.

Read full Becker’s Health IT article.

March 31, 2021
Secretary Mayorkas Outlines His Vision for Cybersecurity Resilience

Homeland Security, March 31, 2021

On March 31, Secretary Mayorkas outlined his vision and roadmap for the Department’s cybersecurity efforts in a virtual address hosted by RSA Conference, in partnership with Hampton University and the Girl Scouts of the USA.

Read Secretary Mayorkas’ prepared remarks on the Homeland Security website.

March 31, 2021
Rise in Healthcare Data Breaches Driven by Ransomware Attacks

CPO Magazine, March 18, 2021

There was a general rise in cyber crime in 2020 due to pandemic conditions, but one notable trend that stood out was a spike in the number of major healthcare data breaches. A new report from cybersecurity firm Tenable reviews the entirety of 2020’s publicly disclosed breaches (along with the first two months of 2021) and finds that this spike can be overwhelmingly attributed to ransomware attacks.

Read full CPO Magazine article.

March 18, 2021
Ransomware attacks on healthcare organizations cost nearly $21B last year, study finds

Becker’s Hospital Review, March 12, 2021

Six-hundred clinics, hospital and healthcare organizations were attacked by 92 individual ransomware attacks, affecting 18 million patient records in 2020. The costs of these attacks are almost $21 billion, a Comparitech study found.

The report highlighted ransomware attacks published by HHS that affected more than 500 people. Data breaches affecting fewer than 500 people were included if the breach was reported elsewhere, a limitation the researchers said “only scratch[es] the surface of the problem.”

Read full Becker’s Hospital Review article.

March 12, 2021
Ransomware, supply chain attacks compel health care organizations to act

SC Media, March 9, 2021

If ransomware and data exfiltration attacks that targeted hospitals and vaccine researchers during the pandemic signaled a cyber hygiene crisis in health care, the SolarWinds supply chain attack demonstrated just how deep the problem goes.

A new report issued this week by the CyberPeace Institute seeks to illustrate the human impact that relentless cyberattacks have on health care staffers, patients and society. Featuring a compilation of interviews, outside research and recent news stories, the report offers key recommendations for various stakeholders.

Read full SC Media article.

March 9, 2021
Ransomware attack exposed info of 210K MultiCare patients, providers, workers

Becker’s Hospital Review, March 9, 2021

More than 200,000 patients, providers and employees of Tacoma, Wash.-based MultiCare began receiving notice that their personal info had been exposed in a recent ransomware attack.

Read full Becker’s Hospital Review article.

March 9, 2021
Vendor ransomware attack exposes patient information at South Carolina practice

Becker’s Hospital Review, March 8, 2021

Sandhills Medical Foundation notified patients that an external cloud vendor underwent a ransomware attack, exposing patients’ personal information, according to a news release. The attackers accessed Sandhills’ system on Nov. 15 and extracted Sandhills’ data before the ransomware attack was launched on Dec. 3.

Read full Becker’s Hospital Review article.

March 8, 2021
Navajo Nation hospital the latest victim of brutal wave of ransomware attacks

Yahoo.com, March 3, 2021

When Rehoboth McKinley Christian Health Care Services in Gallup, New Mexico, was hit with a cyberattack earlier this year, the hospital’s staff had to revert to pen and paper to keep things running.

Read full Navajo Nation hospital ransomware attack article on Yahoo.com.

March 3, 2021
Universal Health Services Estimates $67 Million in Ransomware Losses

Info Security Magazine, March 2, 2021

A ransomware attack on Universal Health Services (UHS) last autumn cost the company an estimated $67 million in downtime and related expenses, it has revealed.

The Fortune 500 healthcare organization has tens of thousands of employees in the US and UK and annual revenues exceeding $10 billion.

Read full Info Security Magazine article.

March 2, 2021
CIS Launches No-Cost Ransomware Service for U.S. Hospitals

Center for Internet Security (CIS), February 18, 2021

The nonprofit Center for Internet Security announced this week that it had launched a no-cost ransomware protection service for private hospitals in the United States. The Malicious Domain Blocking and Reporting service, which is already available for public hospitals, health departments and healthcare organizations, uses Enterprise Threat Protector software from the cybersecurity vendor Akamai to proactively identify, block and mitigate targeted threats.

Read full CIS article.

February 18, 2021
Hackers Dump More Health Data, as Feds Share Ransomware Factsheet

Health IT Security, February 8, 2021

The Conti ransomware hacking group recently released two massive healthcare data dumps tied to Leon Medical Centers and Nocona General Hospital on the dark web for sale. The leaks follow a newly released National Cyber Investigative Joint Task Force (NCIJTF) ransomware factsheet.

Read full Health IT Security article.

February 8, 2021
The National Cyber Investigative Joint Task Force Releases Ransomware Fact Sheet

FBI.gov, February 4, 2021

The National Cyber Investigative Joint Task Force (NCIJTF) has released a new joint-seal ransomware fact sheet. This educational product is intended to provide the public important information on the current ransomware threat and the government’s response, as well as common infection vectors, tools for attack prevention, and important contacts in the event of a ransomware attack.

Read full FBI.gov article.

February 4, 2021
How Ransomware Is Affecting Healthcare

Q&A with Joanne Fitzpatrick

Joanne Fitzpatrick is a lead cybersecurity engineer in MITRE’s Cyber Solutions Innovation Center. She works closely with a range of government sponsors to increase their situational awareness and improve their resiliency to cyber attacks. She began her career at MITRE working on network architectures and security for Air Force systems.

 

Why are healthcare facilities such prime targets for ransomware attacks?

Hospitals and healthcare organizations, large and small, are at particular risk for ransomware. One study showed more than 500 attacks in 2020 alone, with major health systems in Texas, Minnesota, and Vermont recently coming under attack. Patient care and business systems, such as communications, billing, and electronic health records, are often disrupted, even to the point of re-routing patients to other facilities and cancelling surgeries.

Today, hospitals and healthcare centers are especially vulnerable because COVID has reduced ICU bed capacities, and medical professionals are serving COVID patients while managing existing caseloads. The pandemic has publicized the health systems’ struggles worldwide.

It’s worth noting that an adversary does not need to infiltrate an entire healthcare information system (HIS) to negatively impact an organization’s ability to deliver health services, a primary objective. They may choose to gain access to one subsystem, module, or critical file, such as the scheduling process for operating rooms. Upon gaining access, the adversary could encrypt it, prohibiting the organization from accessing or using the schedule. They would then complete the attack by demanding funds in return for the necessary software to decrypt/unlock the module or files.

Not all health organizations are equal. What do we know about how ransomware affects hospitals and health facilities in rural or underserved areas?

Great question. We tend to hear about large organizations in the media when an attack has happened. However, hospitals and health facilities in rural or underserved areas are just as vulnerable as larger, more urban organizations. Adversaries don’t adhere to rules, and don’t want to be predictable in their attack behavior. Impeding an organization from successfully providing their services to their local communities is simply a pathway to demand a ransom. Since they primarily want to extort money from an organization, they don’t really care about its size, location, or nature of their databases.

From the perspective of hospitals and health facilities in rural or underserved areas, however, their ability to protect themselves from a ransomware attack, or to be able to operate through such attacks, may be more limited than their larger counterparts because their IT infrastructure may be less mature and their resources may be more limited.

Are there considerations for organizations with small or underfunded IT/security staff?

There are two key considerations. First, such organizations typically have smaller IT and security departments, with a handful of talented people wearing many hats, and each responsible for several major operational IT areas. Staff tend to be experienced in the operations of their own organization, but often have little access to growth/training/professional development on cybersecurity issues, such as threats and attacks. Lack of time or budget is usually the reason. Additionally, there is little-to-no extra staff available to dedicate to specialty cyber topics, such as threat modeling or attack surface assessments. Second, we recognize that both small and large healthcare organizations may be targets for adversaries. Size does not matter. We’ve witnessed successful attacks at all types of health organizations. Adversaries may even exploit a smaller hospital as part of their attack navigation to exploit a larger, partnering organization.

For these reasons, we’ve build the Ransomware Resource Center to help all kinds of health organizations, whatever their size and wherever they are in their planning.

How can the Ransomware Resource Center help healthcare organizations?

We hope the Ransomware Resource Center will make two key contributions. It will inform hospitals and healthcare organizations about how to prepare, respond to, and recover from such an attack. It also will share freely with the broader community the unbiased guidance and best practices that MITRE cybersecurity and cyber resiliency professionals have provided for years to our many federal government sponsors.

What is unique about the security needs of healthcare providers, suppliers, and support organizations?

In general, their needs are similar to those of other types of business with regards to structure and process flows. However, expectations for healthcare systems are different from other sectors (such as banking or retail, for example) because human well-being and lives are at stake. Emergency rooms, maternity, and much else demands 24/7 functionality. In this way, the security needs of healthcare delivery are more like some of MITRE’s military sponsors where the safety of human life and local populations is paramount.

Where should you start if you work at a smaller organization, or don’t have the benefit of a fully-staffed information security team?

Many healthcare organizations choose to start with an assessment that asks and answers some key questions: What are our most important assets? What are the strengths and vulnerabilities of our current system? What are the roles and responsibilities around the organization if we come under attack?

MITRE has created numerous cyber tools that help organizations ask and answer these important questions. Three in particular, Cyber Tabletop Exercises, the Crown Jewels Analysis (CJA), and the Cyber Operations Rapid Assessment (CORA) are well-suited to healthcare organizations. We’ve used them extensively in helping many organizations understand where they are in facing cyber adversaries, and then pointing the way to their necessary and feasible next steps.

How can MITRE assist organizations seeking to become more resilient?

To learn more about MITRE and the ways we can work with you, contact us at HealthCyber@mitre.org. MITRE’s mission-driven teams are dedicated to solving problems for a safer world. Through our public-private partnerships and federally funded R&D centers, we work across government and in partnership with industry to tackle challenges to the safety, stability, and well-being of our nation.

January 29, 2021
Dead System Admin’s Credentials Used for Ransomware Attack

Healthcare Info Security, January 28, 2021

Operators of the Nefilim ransomware used the credentials of a deceased system administrator to plant their crypto-locking malware in about 100 vulnerable systems during one attack, according to a recent report published by security firm Sophos.

Read full Healthcare Info Security article.

January 28, 2021
Texas Medical Center Breach Affects 640,000

Data Breach Today, January 22, 2021

An apparent ransomware incident at a Texas healthcare organization has potentially compromised the protected health information of more than 640,000 individuals.

Read full Data Breach Today article.

January 22, 2021
CISA Launches Campaign to Reduce the Risk of Ransomware

Cybersecurity & Infrastructure Security Agency (CISA), January 21, 2021

The Cybersecurity and Infrastructure Security Agency (CISA) announced the Reduce the Risk of Ransomware Campaign today, a focused, coordinated and sustained effort to encourage public and private sector organizations to implement best practices, tools and resources that can help them mitigate this cybersecurity risk and threat.

Read full CISA article.

January 21, 2021
560 Healthcare Providers Fell Victim to Ransomware Attacks in 2020

Health IT Security, January 19, 2021

In 2020, Emsisoft data shows 560 healthcare provider facilities fell victim to ransomware attacks, of an overall 2,354 US entities hit by the malware variant.

Read full Health IT Security article.

January 19, 2021
FBI Warns Egregor Ransomware Actors Actively Extorting Entities

Cybersecurity News, Janury 7, 2021

A Wednesday FBI private industry notification warns entities that the threat actors behind Egregor ransomware are actively targeting and exploiting a range of global businesses.

Read full Cybersecurity News article.

January 7, 2021
Minnesota’s Lake Region Healthcare Recovering From Ransomware Attack

IT Health Security, Janury 7, 2021

A ransomware attack struck Minnesota-based Lake Region Healthcare just before Christmas, resulting in some system disruptions; “activist” data leaks and two email hacks complete this week’s breach roundup.

Read full IT Health Security article.

January 7, 2021
UVM Health Delays Epic EHR Implementation After Cyberattack, COVID-19

EHR Intelligence, January 6, 2021

One of 2020’s worst cyberattacks resulted in University of Vermont (UVM) Health delaying its Epic EHR implementation schedule.

Read full EHR Implementation article.

January 6, 2021
Healthcare Organizations Bear the Brunt of Cyberattacks Amid Pandemic

DARK READING, January 6, 2021

Hospitals and other healthcare organizations bore the brunt of cyberattacks last year, all the while struggling to cope with the challenges posed by the COVID-19 pandemic.

According to a new report this week from Check Point Software, attacks on healthcare entities worldwide jumped 45% in the past two months as attackers tried to take advantage of the pandemic by disrupting operations and extorting ransoms from organizations under tremendous pressure to provide uninterrupted services.

Read full Dark Reading article.

January 6, 2021
Cyberattacks on Healthcare Spike 45% Since November

Threat Post, January 5, 2021

The relentless rise in COVID-19 cases is battering already frayed healthcare systems — and ransomware criminals are using the opportunity to strike.

Read full Threat Post article.

January 5, 2021
After widespread hospital attacks, targeting of health care industry continues to rise

SC Media, January 5, 2021

A wave of ransomware attacks against hospitals in the United States and United Kingdom late last year shocked the conscious of many cybersecurity professionals. Things have only gotten worse for the health care industry since then.

Read full SC Media article.

January 5, 2021
Cyberattack on UVM Health Network Impedes Chemotherapy Appointments

The cyberattack has halted chemotherapy, mammogram and screening appointments, and led to 300 staff being furloughed or reassigned.

Read full threatpost.com article.

December 22, 2020
The Institute for Security and Technology (IST) Launches Multi-Sector Ransomware Task Force (RTF)

Institute for Security and Technology (IST), December 21, 2020

The Institute for Security and Technology (IST) — in partnership with a broad coalition of experts in industry, government, law enforcement, nonprofits, cybersecurity insurance, and international organizations — is launching a new Ransomware Task Force (RTF) to tackle this increasingly prevalent and destructive type of cybercrime. The RTF’s founding members understand that ransomware is too large of a threat for any one entity to address, and have come together to provide clear recommendations for both public and private action that will significantly reduce the threat posed by this criminal enterprise.

Read full IST article.

December 21, 2020
Patients of a Vermont Hospital Are Left ‘in the Dark’ After a Cyberattack

NY Times, November 26, 2020

A wave of damaging attacks on hospitals upended the lives of patients with cancer and other ailments. “I have no idea what to do,” one said.

Cyberattacks on America’s health systems have become their own kind of pandemic over the past year as Russian cybercriminals have shut down clinical trials and treatment studies for the coronavirus vaccine and cut off hospitals’ access to patient records, demanding multimillion-dollar ransoms for their return.

Read full NY Times article.

November 26, 2020
Ransomware in healthcare: The inevitable truth

MedCity News, October 30, 2020

The best path forward for healthcare organizations is first to understand the characteristics, causes, and indicators of ransomware attacks and then be proactive in taking preventative measures.

Read full MedCity News article.

October 30, 2020
FBI warns ransomware assault threatens US health care system

AP News, October 29, 2020

Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking.

Read full AP News article. 

October 29, 2020

Pin It on Pinterest

Share This