A warning to all healthcare providers from the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) (the Joint Cybersecurity Advisory)
If the threat of cybercrime wasn’t already bad enough, a warning has been issued that the Joint Cybersecurity Agency has credible information that increased cybercrime threats are imminent to healthcare providers. Translation: buckle up because cybercrime is going to get worse than it’s already been, especially if you’re in healthcare.
What is the Warning?
In the opening summary of the official advisory report, which you can read here, it says:
“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”
What is the Threat?
The report goes on to state that there is an imminent ransomware threat targeting the Healthcare and Public Health Sector.
If you’re not familiar with ransomware or cybercrime in general, here is a brief explanation. Cybercrime is where a criminal uses email or the internet to break into your computers or server. They’ll either steal your data, infect you with a virus, or infect you with ransomware. Ransomware is where a cybercriminal locks you out of your server or computer and then demands cash (or bitcoin) as a ransom payment. They might also steal your data in the process. Once you pay them, they usually give you access to your computers again.
This is a huge problem and is happening more and more each year. The cybercrime industry is said to now be bigger than the illegal drug industry. It doesn’t matter how big or small your practice is, if you have the internet or email, you are at risk of getting your data stolen, or getting locked out of your own computers, either of which would be devastating to your practice.
Specifically, this is what the warning says:
“CISA, FBI and HHS assess malicious cyber actors are targeting the HPH Sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.
“The cybercriminal enterprise behind TrickBot, which is likely also the creator of BazarLoader malware, has continued to develop new functionality and tools, increasing the ease, speed, and profitability of victimization. These threat actors increasingly use loaders-like TrickBot and BazarLoader (BazarBackdoor)-as part of their malicious cyber campaigns. Cybercriminals disseminate TrickBot and BazarLoader via phishing campaigns that contain either links to malicious websites that host that malware or attachments with the malware. Loaders start the infection chain by distributing the payload; they deploy and execute the backdoor from C2 server and install it on the victim’s machine.”
The full report is 22 pages long, which you can read here. If those statements were too techy for you, let me translate it for you.
Translation: The FBI has determined that criminals known as cybercriminals are targeting the healthcare sector with an advanced form of malware which will lead to ransomware. When that happens, it will disrupt your healthcare services and your business, they will steal your data and they want to steal your money. The cybercriminals are using increasingly advanced tools and techniques to carry out their attacks and in a lot of cases these attacks start with an innocent looking email. Please be careful and protect your computers, servers and network.
Recommendations to Protect Your Healthcare Practice
Is it safe to say that you’d like to protect yourself to prevent getting your money stolen, or your data stolen, and prevent experiencing huge disruptions in your practice? Towards the end of the report, some best practices are explained on how to protect yourself and your business from being a victim of data theft, cybercrime and ransomware attacks.
Interestingly to AZCOMP is that the recommendations are all the same recommendations that we’ve been trying to make for years now. All the recommendations are items that you might be able to do on your own. However, you might also find that a lot of these items are very detailed, required routine attention, can be very technical, can be very tedious, and when you put it all together it requires a lot of time to implement and maintain on an ongoing basis. So please, if you’d like help implementing any of this, let’s talk about it.
Summary of Recommendations to Protect Your Computers & Network from Cybercrime and Ransomware
This isn’t an exhaustive list, but this is our top 7 items you need to focus on first to set a good foundation of protecting your computers, servers and network from ransomware.
- Physical Protection
- Network Protection
- Endpoint Protection
- Training, Permissions & Policies
- Logging, Monitoring, Hunting & Response
- Backup & Disaster Recovery
This is what is called a layered security approach. There isn’t one magic security software you can install to protect you from every type of attack, so you need a variety of different defenses.
How would you protect a building that has really valuable items inside, like a bank or a jewelry store? How would you protect it if it were located in a crime ridden area of a really bad city? How would you keep criminals out? You’d probably want all kinds of defenses like dead bolts, metal doors, bars on windows, alarm systems, armed guards, dogs, fencing, motion sensors, video cameras – the whole 9-yards, right? You need all those items because they each offer a different type of protection from the other items.
Your computers, your servers, your network all need to be defended with a similar strategy. You need a variety of defenses in place because you are a target. You are a target because you have valuable items (money (you are a business with a checking account, right?) and data) that criminals want to steal from you. To defend your network, your data, your money (and your time) against these bad cybercriminals, we recommend the 7 layers.
Here’s a brief description of the 7 layers:
You need all the good physical protections in place as you would in any business like we talked about above to limit the ability for people to break in and physically steal your server or computers.
This comes in the form of a genuine Nextgen Firewall – not some router you purchase at BestBuy that says it has a built-in firewall. A Nextgen Firewall requires that you pay a monthly subscription fee for advanced security features.
Here are some of the features you’d get with a NextGen Firewall:
- Content filtering
- Intrusion detection and prevention
- Network level virus scanning
- Access controls
- The ability to set up a VPN
5 or 8 years ago, there was no such thing as “endpoint protection”, it was just “antivirus”. Endpoints are all the devices on your network, like computers, laptops, tablets, servers, etc. To properly protect them, they need more than just an antivirus program. Here is a condensed list of some of the modern ways to protect your computers and servers.
- Software and operating system security updates (patching)
- Nextgen antivirus/antimalware/antispyware/antiransomware
- Spam filtering
- Endpoint web content filtering
In healthcare – it is critical for mobile device drives to be encrypted, but all device drives (including desktop computers and servers) need to be encrypted. It is an awesome way to protect your drives.
Training, Permissions and Policies
Train your employees (and yourself) on how to spot “phishing” emails, and how to safely navigate the internet. A huge percentage of ransomware and other malware attacks come through phishing emails with employees clicking on bad email attachments or taking the bait by clicking on a bad link in a bogus email.
In addition to employee education, network policies and permissions are important. Your network should be setup in a way that an administrator can give employees permission only to information that they need (and restrict them from information they don’t need), and also set password policies and account lockout on failed login attempts, etc.
Logging, Monitoring, Hunting and Response
Put a system in place to ensure that you are aware when something needs your attention, like if your antivirus scan didn’t complete, if your backup failed, if you’re missing important patches, or if you have a virus or malware on a computer or server. You also need a way to hunt for and identify when suspicious activity is happening on any of your computers, servers or other areas of your network. Likewise, you should have a system or predetermined plan for what steps to take if you ever have a real security event, like ransomware.
Backup & Disaster Recovery
If all else fails, you need a reliable backup system. We recommend you have your critical data stored in 3 separate locations: (1) the original copy on computer or server, (2) a 1st backup on a secondary device in the office and (3) a 2nd backup that is offsite or “in the cloud”.
Some important things to consider for having an effective backup system: Is it automated? If it fails will you be notified? Can you perform a test restore to verify it works? Is your backup setup in a way that if you get ransomware on a computer that your backup wouldn’t also get infected? Not very many backup solutions will do all of those items, but they are very important.
AZCOMP Can Help With Protecting Your Computers, Servers & Network from Cybercrime
In addition to those 7 layers or areas of security, there are many other items that are important to protecting your data and your business. If you need help in implementing any of this, you can get help from AZCOMP!
Call us to discuss your computer and server protection needs, or learn more about how AZCOMP can help by visiting these pages:
In addition to computer, server and network protection, AZCOMP is here to help you get the most out of your technology investment and succeed with technology. You can hire us to manage all aspects of the technology in your business.