The U.S. government warns a group out of Eastern Europe is on the attack. At least five hospitals are victims so far.

Kelly Teal, Contributing Editor

October 29, 2020


Managed security service providers serving health care clients are on high alert on the heels of a warning from the federal government. The FBI, Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services said on Wednesday they have “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

The agencies said malicious groups based in Eastern Europe are targeting the U.S. health care system, seeking to steal data and disrupt services. The groups are using Trickbot malware and Ryuk ransomware; Trickbot delivers Ryuk. NBC reports that Microsoft and, reportedly, U.S. Cyber Command have both tried to disrupt Trickbot. However, those attempts appear not to have worked.

And as Associated Press noted, cybercrime stands to hurt medical efforts, and even risk lives, as cases of COVID-19 are again on the rise. To that point, independent security experts told AP the cyberattacks, which involve ransomware, already have hampered at least five hospitals so far this week. Reuters said the FBI is investigating incidents in California, New York and Oregon. NBC reported later on Thursday that a health care system in Vermont also has been hit.

One doctor told Reuters an entire facility was using paper because its systems were down and medical teams could not transfer patients.

“We can still watch vitals and get imaging done, but all results are being communicated via paper only,” the doctor told Reuters on condition of anonymity.

Take Steps to Prevent Cybercrime

Government officials are telling hospitals to do their utmost to prevent cybercrime. They need to have their backup systems in order, to disconnect systems from the internet wherever possible and not to use personal email accounts. MSSPs with health care clients should lead these efforts, and make sure to also do the following:

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.

  • Check configurations for every operating system version for Healthcare and Public Health (HPH) organization-owned assets to prevent issues from arising that local users are unable to fix because local administration is disabled.

  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.

  • Use multi-factor authentication where possible.

  • Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.

  • Implement application and remote access allow listing to only allow systems to execute programs known and permitted by the established security policy.

  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.

  • Audit logs to ensure new accounts are legitimate.

  • Scan for open or listening ports and mediate those that are not needed.

  • Identify critical assets such as patient database servers, medical records, and telehealth and telework infrastructure; create backups of these systems and house the backups offline from the network.

  • Implement network segmentation. Sensitive data should not reside on the same server and network segment as the email environment.

  • Set antivirus and anti-malware solutions to automatically update; conduct regular scans.
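Three of the items above (monitoring RDP logs, auditing new accounts and auditing administrative privileges) can be checked from the Windows Security event log. The following sketch is an added example, not part of the original article or the federal advisory; the record layout is simplified, and the account names, addresses and allowed subnet are constructed assumptions.

```python
import ipaddress

# Windows Security log event IDs used below.
ACCOUNT_CREATED = 4720       # a user account was created
ADDED_TO_LOCAL_GROUP = 4732  # member added to a security-enabled local group
LOGON = 4624                 # successful logon; LogonType 10 = RemoteInteractive (RDP)

def review_events(events, approved_new_accounts, approved_admins, rdp_allowed_nets):
    """Return (event_id, reason) findings for events that need a human look."""
    nets = [ipaddress.ip_network(n) for n in rdp_allowed_nets]
    findings = []
    for ev in events:
        eid = ev["EventID"]
        if eid == ACCOUNT_CREATED and ev["TargetUserName"] not in approved_new_accounts:
            findings.append((eid, f"unapproved new account {ev['TargetUserName']} "
                                  f"created by {ev['SubjectUserName']}"))
        elif (eid == ADDED_TO_LOCAL_GROUP and ev["GroupName"] == "Administrators"
              and ev["MemberName"] not in approved_admins):
            findings.append((eid, f"{ev['MemberName']} added to Administrators"))
        elif eid == LOGON and ev.get("LogonType") == 10:
            try:
                src = ipaddress.ip_address(ev.get("IpAddress", ""))
            except ValueError:
                # Missing or malformed source address: surface it, do not skip it.
                findings.append((eid, "RDP logon with unparseable source address"))
                continue
            if not any(src in net for net in nets):
                findings.append((eid, f"RDP logon by {ev['TargetUserName']} from {src}"))
    return findings

# Constructed sample records (not real log data); field names are simplified.
SAMPLE_EVENTS = [
    {"EventID": 4720, "TargetUserName": "jdoe", "SubjectUserName": "helpdesk1"},
    {"EventID": 4720, "TargetUserName": "svc_backup2", "SubjectUserName": "jdoe"},
    {"EventID": 4732, "GroupName": "Administrators", "MemberName": "svc_backup2"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "nurse7", "IpAddress": "10.20.5.14"},
    {"EventID": 4624, "LogonType": 10, "TargetUserName": "svc_backup2", "IpAddress": "203.0.113.45"},
    {"EventID": 4624, "LogonType": 3, "TargetUserName": "nurse7", "IpAddress": "198.51.100.9"},
]

def run_sample():
    # Assumed policy: one approved hire, one approved admin, RDP only from 10.20.0.0/16.
    return review_events(SAMPLE_EVENTS, approved_new_accounts={"jdoe"},
                         approved_admins={"itadmin"}, rdp_allowed_nets=["10.20.0.0/16"])

if __name__ == "__main__":
    for eid, reason in run_sample():
        print(eid, reason)
```

The approved lists would come from the organization's change-management or HR records, so that any account or privilege change without a matching request stands out.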


The feds say the cybercriminal group called Wizard Spider or UNC1878 is responsible for the attacks. Charles Carmakal, senior vice president for U.S. cyber incident response firm Mandiant, told Reuters UNC1878 is “one of the most brazen, heartless and disruptive threat actors I’ve observed over my career.”

And, he told AP, “We are experiencing the most significant cyber security threat we’ve ever seen in the United States.”

Increasing Cybercrime Comes as No Surprise

Earlier this year, Cybersecurity Ventures predicted that, globally, businesses in 2021 will fall victim to a ransomware attack every 11 seconds. And the estimated cost to businesses will top $20 billion in 2021. Worldwide, cybercrime damages will reach $6 trillion, the cybersecurity firm found.


Sean Curran, senior director of technology and cybersecurity lead at West Monroe, a national consulting firm, says it’s no shock the health care industry is attracting hackers’ attention.

“One of the main reasons prioritizing cybersecurity is an issue at health care organizations, especially at hospitals and health care providers, is that their stretched resources are always prioritized to provide the best care,” Curran said. “If an executive is faced with spending money to improve health outcomes or spend more on cybersecurity, the choice, understandably, errs towards patient care. In healthcare, unlike most other industries, it truly can be the difference between life and death.”


Mike Puglia, chief strategy officer at IT management and security solutions provider Kaseya, agreed.

“There is also a continued lack of awareness of the need for SaaS backup in health care IT,” he said. “Health care organizations and their IT leaders need to recognize that platforms like G Suite, Microsoft Office 365 and Salesforce do not guarantee full restoration of lost data if an issue occurs on their end, either through an honest mistake or malicious intent. Responsibility lies with the IT department to fill in any data protection gaps by implementing a backup and recovery solution, even for SaaS applications.”


Those are the main reasons why hospitals and doctors’ offices need to rely more on MSSPs.

“It’s extremely difficult for businesses – most of which are not cybersecurity experts – to address ransomware and other cyber threats, which continue to grow in sophistication,” said Jeff Brown, CEO of Open Systems, a managed detection and response provider. “Most organizations struggle to find the cybersecurity talent they need, which makes it extremely challenging for them to contain the deluge of cyberattacks coming their way.”


About the Author(s)

Kelly Teal

Contributing Editor, Channel Futures

Kelly Teal has more than 20 years’ experience as a journalist, editor and analyst, with longtime expertise in the indirect channel. She worked on the Channel Partners magazine staff for 11 years. Kelly now is principal of Kreativ Energy LLC.
