Getting Ryuk-Rolled: The Threat of Ransomware Attacks

While cyber-attacks are a threat that always linger in the back of the minds of hospital leadership across the country, a spate of recent attacks that hit hospitals across the country has prompted the Cybersecurity & Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services (HHS) to release a joint advisory that describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with  ransomware for financial gain.

A recent Becker’s Health IT article said that at least six hospitals in the U.S. were hit in a 24-hour period starting October 26. While the names of the facilities were not released, Klamath Falls, Oregon-based Sky Lakes Medical Center and St. Lawrence Health System in Upstate New York self-identified as victims of ransomware attacks Oct. 27th.

In a follow-up article by Becker’s, Sky Lakes Medical Center said they were planning to replace 2,000 computers and purchase new servers due to the attacks. St. Lawrence Health System disconnected shortly after the attack was discovered and was back online in 10 days. The article also highlighted several other hospital systems that were impacted. The attacks had varying impacts from facilities shutting down their IT networks for days or weeks to other facilities being forced to furlough workers that were unable to do their jobs.

Unfortunately, these are not one-off or quick hits that will go away soon. The New York Times reported that Russian hackers have been trading a list of more than 400 hospitals they plan to target. The hackers, based in Moscow and St. Petersburg, claim to have already infected more than 30 facilities.

But what can you do to protect against ransomware attacks? CISA has a list of suggestions that can help your hospital better protect from, prevent and respond to ransomware.

The start is to protect your data and networks:

• Back up your computer(s)
• Store your backups separately
• Train your organization

Some of the ways to help prevent ransomware infections include:

• Update and patch your computer(s)
• Use caution with links and when entering website addresses
• Open email attachments with caution
• Keep your personal information safe
• Verify email senders
• Stay Informed about threats
• Use and maintain preventative software programs

If hackers do manage to get into your system, there are several things that need to be done:

• Isolate the infected system(s)
• Turn off other computers and devices
• Secure your backups
• Immediately report ransomware incidents to IT
• Change all system passwords after ransomware has been removed

Email is a major entry point for these attacks, so ensuring the safety of your facility starts with teaching your staff the importance of being smart when it comes to email.

Phishing emails often come designed to look like they’re from a company you know and trust. In our personal lives that may be Netflix, Apple, Google, banks, and the like. According to the FTC, they’ll often tell you a story to trick you into clicking on a link or opening an attachment. Popular tricks include:

• Saying they’ve noticed some suspicious activity or log-in attempts
• Claiming there’s a problem with your account or your payment information
• Saying you must confirm some personal information
• Including a fake invoice
• wanting you to click on a link to make a payment
• Saying you’re eligible to register for a government refund
• Offering a coupon for free stuff
• Addressing the recipient as, “Customer” or “Sir or Madam” instead of a personalized greeting
• Using URLs that look close to real web addresses, but have differences or extra letters – this includes both in the sender’s email address and links they ask you to click on

The most important defense against ransomware attacks is knowledge and vigilance. Staying up to date on the latest information and putting it to use will help better prepare your organization for the potential wave of disruption hackers are aiming to create.