The Federal Bureau of Investigation (FBI) and two federal agencies are warning of an "imminent cybercrime threat" to US hospitals and health care providers, noting that several hospitals across the country have already been hit. In a joint advisory, the Cybersecurity and Infrastructure Security Agency (CISA), FBI and the U.S. Department of Health and Human Services (HHS) said they have "credible information" that cybercriminals are taking new aim at health care providers and public health agencies as the COVID-19 pandemic reaches new heights. "Malicious cyber actors" may soon be planning to "infect systems with Ryuk ransomware for financial gain" on a scale not yet seen across the American healthcare system. Hospitals, physician practices, and public health organizations should take "timely and reasonable precautions to protect their networks from these threats." Malware targeting techniques often lead to “ransomware attacks, data theft, and the disruption of healthcare services." The agencies recommend several mitigation steps and best practices for health care entities to take to reduce their risk, including the following:
- Patch operating systems, software, and firmware as soon as manufacturers release updates.
- Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
- Use multi-factor authentication where possible.
- Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
- Identify critical assets; create backups of these systems and house the backups offline from the network.
- Set antivirus and anti-malware solutions to automatically update; conduct regular scans.
The American Medical Association (AMA) and the American Hospital Association (AHA) have created two resources to help physicians and hospitals guard against cyber threats. Those resources and additional cyber security information can be found at the AMA’s cybersecurity webpage.