{"id":3512,"date":"2020-11-16T09:24:43","date_gmt":"2020-11-16T15:24:43","guid":{"rendered":"http:\/\/blogs.luc.edu\/compliance\/?p=3512"},"modified":"2020-11-16T09:24:43","modified_gmt":"2020-11-16T15:24:43","slug":"hospitals-across-the-country-at-serious-risk-for-coordinated-ransomware-attacks","status":"publish","type":"post","link":"https:\/\/blogs.luc.edu\/compliance\/?p=3512","title":{"rendered":"Hospitals Across the Country at Serious Risk for Coordinated Ransomware Attacks"},"content":{"rendered":"

Kennedy<\/em> Chiglo
\nAssociate Editor
\n<\/em>Loyola University Chicago School of Law, JD <\/em>2022<\/em><\/span><\/p>\n

The Federal Bureau of Investigation (\u201cFBI\u201d), the Department of Health and Human Services (\u201cHHS\u201d), and the Department of Homeland Security Cybersecurity and Infrastructure Security Agency (\u201cCISA\u201d) recently announced<\/a> that hackers have been and will continue to target the United States hospitals and health-care providers. These attacks are cyber in nature and often lead to ransomware attacks, data left, and inevitable disruption of health care services when patient information is locked until the ransom can be paid.<\/span><\/p>\n

What is the nature of the cyber-attacks targeting the health care sector?<\/strong><\/span><\/p>\n

Cybercriminals have increased their efforts to target hospital systems with new malware functionalities that allow for the increased ease and speed to scam and defraud victims. These cyber campaigns utilize sophisticated ransomware<\/a>, a computer virus that locks up computers until a sum of money is paid for the decryption key. These attacks often occur in the form of phishing email campaigns with links or downloadable attachments that host the malware that can infect a user\u2019s computer.<\/span><\/p>\n

Phishing emails are the most common vehicle<\/a> for the delivery of ransomware into a provider\u2019s internal network. These emails usually contain a link to a criminally-controlled Google Drive document or other file hosting solution that appears to be a PDF file. Typically, this counterfeit document will report a failure to open the PDF file and will provide a link to access the file online. This link usually contains the ransomware and will subsequently be installed on the device upon the user\u2019s decision to click the link and access the information. Many phishing emails are personalized to the user or appear to be routine business correspondence with customer complaints, hiring decisions, updated internal policies, or other important tasks that would capture the email recipient\u2019s attention.<\/span><\/p>\n

The health care industry has become the most targeted for ransomware, cyber-attacks are more frequent and expected to increase<\/a> in the coming months. These attacks have resulted in more than 5.6 million<\/a> patient records that have been breached this year alone and may result in lawsuits against providers for comprising the most private individual data.<\/span><\/p>\n

How does the current public health emergency impact health care providers at risk for cyber-crime?<\/strong><\/span><\/p>\n

The COVID-19 pandemic has resulted in unprecedented regulatory requirements for health care providers that have resulted in the postponing of otherwise standard health care operational decision-making. Most health care providers have transitioned their daily procedures to revolve around tracking and reporting suspected and confirmed COVID-19 cases, maintaining adequate PPE supplies, installing new safety protocols for staff and patients, and communicating with patient families who are not allowed access into the facilities.<\/span><\/p>\n

However, as COVID-19 cases and hospitalizations surge across the country, so has coordinated ransomware attacks<\/a>. Six large hospital systems have suffered significant cyber-attacks in the past week alone<\/a>, with many more anticipated attacks to come this winter as COVID-19 cases spike again. These attacks can cause total disruption of care delivery and can expose patient data to criminals. The rapid expansion of telehealth has left many health care providers vulnerable as they quickly work to expand and secure their networks, but this has led to a swell of cybercriminal activity that targets uninformed patients<\/a> and their medical devices for monetary benefit.<\/span><\/p>\n

In the face of the public health emergency, maintaining best practices and compliance with technology requirements is not on the forefront of many health care provider\u2019s agendas. However, technology administrators in hospitals and clinics need to balance the risk of a data breach with other daily demands in order to secure the integrity of their internal networks. \u00a0\u00a0<\/span><\/p>\n

What can be done to protect an institution\u2019s network from being attacked?<\/strong><\/span><\/p>\n

It is important to first note that the FBI, HHS, and CISA do not ever recommend paying ransoms<\/a> to cybercriminals as this can embolden adversaries to target similarly situated health care organizations and encourage other criminal actors to engage in ransomware attacks. Instead, these government entities encourage best practices such as:<\/span><\/p>\n