Hospitals and healthcare organizations already stretched and overwhelmed as they deal with the coronavirus (COVID-19) pandemic are being targeted by cybercriminals.
Interpol has warned that ransomware attacks are on the rise once more, targeting the health sector, where cyber criminals lock organizations out of their IT systems in a bid to extort money from them.
In a recent statement, Interpol said that its Cybercrime Threat Response team has detected a significant increase in the amount of ransomware attack attempts specifically targeted to hold hospitals and other medical services engaged in the response to the virus “digitally hostage”. Interpol has issued a “Purple Notice” to police in 194 member countries alerting them to the heightened threat from ransomware at this time.
This kind of attack can be lucrative for cybercriminals: organizations that can’t lose time or access to systems could be tempted to pay the ransom to have their access restored. After all, especially during a pandemic, loss of IT systems can be a matter of life and death.
If healthcare workers are locked out of their systems at this time, it can delay or cause other complications to the delivery of medical treatment.
The timing is also opportunistic as exhausted, overworked healthcare staff may not be thinking about cybersecurity and may let their guards down. Additionally, as some workers for healthcare organizations are working remotely as a result of the pandemic, there is additional scope for security vulnerabilities to arise.
Healthcare organizations are frequent targets of cybercriminals
Sadly, ransomware attacks targeting hospitals and healthcare organizations are nothing new.
They have been on the increase for the last few years, the most notorious being the WannaCry attack that crippled the NHS in the United Kingdom in 2017 and cost £92 million in service disruptions and upgrades to systems.
In 2019 in the United States alone, 764 healthcare organizations were the targets of ransomware attacks, according to the Emisoft State of Ransomware in the US Report. Each ransomware attack in the USA can cost the affected organization anywhere between $1600 to $14 million to deal with.
The mayhem that ensued from these attacks has meant that emergency patients needed to be redirected to other hospitals, medical records couldn’t be accessed and in some cases, they were permanently lost, many surgical procedures were canceled, clinical tests needed to be postponed and hospital admissions were halted.
What steps can be taken to prevent ransomware attacks?
It’s not only the healthcare sector that’s at risk from ransomware and other cyber attacks at this time. All organizations should review their processes and increase their preparedness, especially with more security risks posed by employees working from home.
Being mindful that cybercriminals are poised, ready to take advantage of organizations already mired in a crisis is the first step towards ensuring that your organization is ready to combat the issue.
Steps that your organization can take to minimize the risk include:
1. Keep hardware and software systems up-to-date
If you aren’t running the latest versions of software, you should do this immediately, including any patches issued by software vendors. Cybercriminals are known to exploit these vulnerabilities in systems.
2. Back up your essential files
In the unfortunate event, your organization does become a victim of a ransomware attack, if your files are backed up you can recover more quickly and still have access to important information that can save time and save lives. Save your backups somewhere separate from your main systems.
3. Ensure systems are secure
Ensure that your systems are protected by firewalls and that your anti-virus and anti-malware software definitions are up-to-date.
Employees accessing your systems over VPNs or using mobile devices could also put your systems at risk. All security updates should also be applied for VPN and firewall configurations.
4. Insist on strong passwords
Your systems should require employees to use strong and unique passwords that should be updated regularly.
5. Educate your employees about ransomware
It’s estimated that around 80% of cyber-attacks happen because of human error – this makes your people the weakest link in the chain. Providing education and advice to your employees about what to look for, why they should be vigilant and the responsibility that they have to keep the organization’s systems safe is critical.
Ongoing educational activities should be rolled out to keep this front-of-mind, including being aware of identity fraud, phishing, opening emails with suspicious attachments or applications, clicking on links in emails from an unknown sender etc.
Quizzing your employees on their knowledge regularly can let you know whether or not the information is being retained.
6. Communicate the newest threats
Let your employees know that there are new ransomware threats circulating during the COVID-19 pandemic and keep them up-to-date as more information becomes available. Remind them that they need to be exceptionally vigilant and what the consequences could be if your systems are crippled by ransomware at this time.
Quiz: test your employees’ knowledge of ransomware and other cybersecurity risks
With the COVID-19 pandemic resulting in more and more employees working remotely, there’s an increased risk that your company’s IT systems could be more vulnerable and come under attack by hackers and other cybercriminals.
Employees are the weakest link in your cybersecurity chain: if they don’t understand the risks they could divulge passwords and other credentials, open suspicious email attachments, click on malicious links and compromise your systems.
Test your employees’ knowledge with this quiz that can be delivered via DeskAlerts to determine what the potential risks might be for your organization so you can deliver the appropriate education and training to keep your systems safe.
What to do if your organization has already been affected by ransomware?
If your organization is the victim of a ransomware attack, there are some steps you should immediately take to protect your organization as best you can from further damage:
1. Try to isolate the ransomware by disconnecting infected computers and other devices from your network.
2. Warn your other employees urgently that there is a threat and give them the steps they need to take to stop it spreading through your systems. You can do this by sending urgent notifications, such as a pop-up alert, that gets attention quickly. Lock screen alerts in DeskAlerts can be used to quickly get your employees’ attention, letting them know there is a threat, while also preventing them from using the computer further.
3. Any infected devices should be safely wiped and operating systems should be reinstalled. Backups should be restored once you verify they are free from ransomware.
4. According to the UK’s National Cyber Security Centre, you shouldn’t pay the ransom to the cybercriminals – no matter how tempting it may be to get your systems back.
5. If you have been affected by online fraud, including ransomware, you should alert the appropriate law enforcement authorities immediately and follow their advice.
Vigilance is needed more than ever, not just to avoid spreading COVID-19, but to keep other aspects of our lives functioning and safe. The economic aspects of the virus have already been crippling for many organizations, and a cyber attack could have dire consequences for a business’ bottom line.
In fact it could tip a struggling organization over the edge and result in total financial ruin. Bolstering your cyber security measures is one of the most important things you can do to ensure your organization remains viable long after the pandemic is over.