The future of healthcare and private health is in trouble.

According to a July 6, 2022, alert from the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and Department of the Treasury, North Korea-sponsored threat actors have been targeting the U.S. healthcare and public health sector for over a year.

In the official statement, the FBI warns that they’ve detected a strain of ransomware, aptly titled “Maui”, attacking public health organizations since as far back as May 2021. State-sponsored threat actors, reportedly from North Korea, deployed the Maui ransomware to hijack and encrypt servers storing healthcare data such as private records, imaging services, and diagnostics, making the data unreachable unless a fee is paid. The malicious cyber-attack was unfortunately successful in disrupting many healthcare services for a substantial amount of time.

But what does this mean for the future of the healthcare industry?

In light of these attacks, federal agencies are currently urging those in healthcare to fully re-examine their current cybersecurity standing, including their infrastructure, cyber etiquette, and employee training. They recommend fully investing in robust antivirus software, reporting phishing attempts, and requiring multifactor authentication (MFA) to sign into any organization accounts.

In addition, they recommend that healthcare organizations:

  • “Limit access to data by deploying public key infrastructure and digital certificates to authenticate connections with the network, Internet of Things (IoT) medical devices, and the electronic health record system, as well as to ensure data packages are not manipulated while in transit from man-in-the-middle attacks”.
  • Use standard user accounts on internal systems instead of administrative accounts, which allow for overarching administrative system privileges and do not ensure least privilege.
  • Turn off network device management interfaces such as Telnet, SSH, Winbox, and HTTP for wide area networks (WANs) and secure with strong passwords and encryption when enabled.
  • Secure personal identifiable information (PII)/patient health information (PHI) at collection points and encrypt the data at rest and in transit by using technologies such as Transport Layer Security (TLS). Only store personal patient data on internal systems that are protected by firewalls, and ensure extensive backups are available if data is ever compromised.
  • Protect stored data by masking the permanent account number (PAN) when it is displayed and rendering it unreadable when it is stored—through cryptography, for example.
  • Secure the collection, storage, and processing practices for PII and PHI, per regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Implementing HIPAA security measures can prevent the introduction of malware on the system.
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer.
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise.
  • Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI.
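
As a way to check the management-interface item in the list above, the following added example (not part of the CISA alert or of this article) reads a device's listening sockets and flags Telnet, SSH, Winbox, and HTTP when they are reachable on a WAN address. It assumes the services run on their default ports; the `ss -H -tln` output and the WAN address 203.0.113.10 are constructed sample values.

```python
import ipaddress

# Default ports for the management services named in the list above.
# Assumption: services run on their defaults; adjust for local port changes.
MGMT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 8291: "Winbox"}
CLEARTEXT = {"Telnet", "HTTP"}  # no transport encryption at all

# Constructed sample of `ss -H -tln` output from a hypothetical edge device.
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 192.168.88.1:8291 0.0.0.0:*
LISTEN 0 128 203.0.113.10:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:23 0.0.0.0:*
LISTEN 0 128 [::]:443 [::]:*
LISTEN 0 128 [::]:23 [::]:*
"""

def split_endpoint(endpoint):
    """Split 'addr:port', '*:port' or '[v6addr]:port' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    host = host.split("%")[0].strip("[]")  # drop scope (%eth0) and brackets
    if host == "*":
        host = "0.0.0.0"
    return ipaddress.ip_address(host), int(port)

def audit(ss_output, wan_addrs):
    """Return (service, address, port, is_cleartext) for WAN-reachable listeners."""
    wan = {ipaddress.ip_address(a) for a in wan_addrs}
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        try:
            addr, port = split_endpoint(fields[3])
        except ValueError:
            continue  # unparseable local address; skip rather than guess
        service = MGMT_PORTS.get(port)
        # A wildcard bind listens on every interface, including the WAN one.
        if service and (addr.is_unspecified or addr in wan):
            findings.append((service, str(addr), port, service in CLEARTEXT))
    return findings

if __name__ == "__main__":
    for svc, addr, port, cleartext in audit(SAMPLE_SS, ["203.0.113.10"]):
        note = "cleartext, disable" if cleartext else "restrict to management network"
        print(f"WAN-exposed {svc} on {addr}:{port} ({note})")
```

Listeners bound only to loopback or an internal address, such as the Winbox entry in the sample, are not reported; only wildcard binds and binds to a listed WAN address are.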

Is your healthcare organization prepared for ransomware?

If any of the official CISA recommendations above was confusing or overwhelming, you’re not alone.

Following the official recommendations from CISA is just the beginning. Your organization could be hit at any point by malicious actors, state sponsored or not. You need room for backup storage and data encryption, a business continuity plan, a disaster recovery plan, a technology roadmap, and a team of experts to help translate the overwhelming technical language. You need a fully trained staff that understands the dangers of phishing and weak passwords, and the right expertise to teach them how to stay safe on the internet.

It’s a lot to handle, and there never seem to be enough hours in the day. Your business comes first, so let the experts at Twin Networks handle the technical side.

Contact us to learn more about protecting your business from ransomware and other cyber threats.