Cyber security and ransomware attacks are in the news every day, and it may seem like mission impossible to keep up with the latest threats. Even the largest healthcare organizations with the most significant cyber budgets are not immune to being hacked. There are things every practice can do to be more vigilant in the face of this ever-evolving cyber landscape.
Awareness of new and existing threats and emerging cybercrime trends is critical to keeping your practice safe. You and your IT team should be alert for any notifications from the HHS, OCR, and numerous Federal and State institutions dedicated to protecting the privacy of healthcare patients and other individuals.
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is at the forefront of the cybersecurity world. The healthcare industry is critical to the country’s infrastructure, and cyber threats that target healthcare organizations are treated with the same seriousness as those against government institutions. The CISA.gov website keeps a running list of trends in phishing attacks, malware, ransomware, and known software vulnerabilities that hackers lock onto and exploit.
CISA Zeppelin Ransomware Attack
One recent example of CISA identifying a threat was the warning regarding Zeppelin ransomware, which has gone explicitly after healthcare. Zeppelin hackers spend up to two weeks inside their victim’s network before deploying their ransomware, using that time to fully scope out how much damage they can do to the victim, which will determine how much money they ask for in ransom. That ransom is almost always in the form of cryptocurrency, making it nearly impossible for authorities to track the payments.
This warning – CISA Zeppelin Ransomware – includes a complete list of Indicators of Compromise (IOCs) to help your IT identify the attack as early as possible and mitigation procedures to help prevent a future attack or to minimize the damage after an attack.
Cybercrime is bigger than ever, and the most significant cybercriminal gangs have seen annual profits that rival Fortune500 businesses. All organizations are potential victims. The importance of using every resource available to you to keep up to date on the dangers to your business can’t be overstated.
To keep your practice safe, stay educated on cyber-attacks and ensure you have protections to defend your network.