Mary Beth Versaci at ADA News recently covered the latest alert from the Cybersecurity and Infrastructure Security Agency, FBI and Department of Health and Human Services. Please note that attacks on dental offices and related healthcare businesses are growing. Please contact DDS Rescue about what you can do to protect your practice. Our security solutions guard against attacks and ensure your data is fully backed up and can be easily restored if necessary. DDS Rescue customers receive yearly HIPAA training and compliance as part of their service.
Alert warns of cybercrime threat to U.S. hospitals, health care providers
Federal agencies believe attacks could lead to data theft, disruption of health care services
The Cybersecurity and Infrastructure Security Agency, FBI and Department of Health and Human Services are warning health care providers to take precautions in response to credible information of an increased and imminent cybercrime threat to the U.S. health care and public health sector, according to an alert from the agencies.
DETAILS OF NEW ALERT
The Oct. 28 alert details the tactics, techniques and procedures used by cybercriminals against targets in the health care and public health sector to infect systems with ransomware for financial gain, as well as the practices the agencies encourage health care organizations to use to help manage the risk posed by ransomware and other cyber threats.
The agencies believe cybercriminals are targeting the sector with malware, often leading to ransomware attacks, data theft and the disruption of health care services, according to the alert.
“These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments,” the alert states.
The agencies recommend that health care organizations implement both ransomware prevention and response measures immediately. The alert includes tips from CISA and the Multi-State Information Sharing and Analysis Center’s joint Ransomware Guide, including maintaining offline, encrypted backups of data and regularly testing those backups; creating, maintaining and exercising a basic cyber incident response plan and associated communications plan that includes response and notification procedures for a ransomware incident; and planning for the possibility of critical information systems being inaccessible for an extended period of time.
The agencies do not recommend paying ransoms, as payment does not guarantee files will be recovered and could embolden attackers to target additional organizations or encourage others to engage in the distribution of ransomware and funding of illicit activities.
For additional resources, visit CISA’s ransomware guidance and resources webpage, the FBI’s ransomware webpage and the HHS Office for Civil Rights’ Fact Sheet: Ransomware and HIPAA.