Ransomware attacks on healthcare | Kaspersky official blog

Ransomware attacks on healthcare | Kaspersky official blog

A cyberattack on a clinic or hospital is literally a matter of life or death. In 2020, healthcare systems worldwide were already cracking under the strain of the COVID-19 pandemic, and the actions of cybercriminals only added to the load. One of the most significant threats of the past year for medical institutions came from ransomware attacks — cyberattacks in which cybercriminals encrypt data or extort management with threats to publish stolen data.

I was getting desperate trying to find cable management boxes that were wide enough to fit a large power strip with bulky power bricks plugged into it. This was the only one I found that accommodates this real world need. I bought two and with minimal rearrangement was able to fit bulky computer surge protectors with bulky power bricks into them. There are cord openings at the end and on one side, and smaller ones through the top, so getting everything efficiently arranged was quite simple. I did buy other “large” cable management boxes, but they could not accommodate the surge suppressors I have. I’m not rating durability since I just got them, but I am quite pleased with these boxes. Best Cable Management Box For Computers Office Home

The consequences of such attacks are manifold. In addition to the obvious and dangerous disruption to medical services, healthcare companies can face longer-term repercussions ranging from regulatory fines to claims from patients whose personal data was violated.

High-profile ransomware incidents

One of the most talked-about cases of the past year, and a sign of the extent of the problem, was the Ryuk ransomware attack on Universal Health Services (UHS) last September. The group operates 400 medical facilities in the United States, the United Kingdom, and other countries. Fortunately, not all hospitals and clinics suffered, but the attack did hit UHS facilities in several US states. The incident occurred early on a Sunday morning: Company computers failed to boot, and some employees received a ransom demand. The telephone network was also affected. The IT department had to ask staff to work the old-fashioned way, that is, without IT. Naturally, that caused major interference in the usual flow of the clinic, affecting patient care, lab tests, and more. Some facilities had to refer patients to other hospitals.

In its official statement, UHS said that there was “no evidence of unauthorized access, copying or misuse of any patient or employee data.” In March of this year, the company released a report stating that the attack had caused $67 million worth of damage, including data recovery costs, lost revenue due to downtime, reduced patient flow, and more.

Meanwhile, an incident at Ascend Clinical, which specializes in testing services for kidney disease, led to a data breach affecting more than 77,000 patients. The cause of the infection is known: An employee clicked a link in a phishing e-mail. Having penetrated the system, the attackers got their hands on, among other things, patients’ personal data — names, dates of birth, social security numbers.

An attack on Magellan Health in April 2020 compromised the personal data of both employees and patients (365,000 victims, according to media reports). The cybercriminals somehow managed, through social engineering, to impersonate a client, gain access to the internal network, use malware to intercept login credentials, and finally encrypt data on the server.

Generally speaking, when attacking healthcare facilities, cybercriminals prefer to encrypt and steal data from servers rather than workstations. The same thing happened with the servers of the Florida Orthopedic Institute, when attackers encrypted the (previously stolen) data of 640,000 patients. That resulted in a rather unpleasant class action lawsuit.

The above is just a sample of high-profile incidents from the news last year. In fact, we had dozens more to choose from.

How healthcare institutions can secure themselves

Perfect for accommodating a large plug that extend beyond the width of a surge protector. And hiding many wires. I use this cable box to replace a Bluelounge CableBox for reasons of size. One photo shows that CableBox inside this Ugreen Box. In the right location, this box is great! It is much larger and more noticeable than the one-color lid-and-box Bluelounge units that ‘tuck’ into many places in my home and seem to disappear. However, this box is more versatile with the back-side openings in addition to the side slits. And the sliver openings on top make it easy to slip a mobile phone charging cord (or some small size plug) through. Just purchased a second one. Buy Cable Management Box Messy Wires

Malware can penetrate a system in a variety of ways: through e-mail attachments, phishing links, infected websites, and more. Attackers can steal remote-access credentials, coax them out through social engineering, or simply use brute force. The old medical adage that prevention is better than cure applies equally well to cybersecurity, and not least to protection against ransomware. Here are our preventive-care tips for all things cyber:

Protect all devices — and not only computers. Company smartphones, tablets, terminals, information kiosks, medical equipment, and absolutely anything else with access to the corporate network and the Internet; Keep all devices up to date. Again, that’s not just computers. Cyberprotection for, say, a tomograph may not spring immediately to mind, but it too is essentially a computer with an operating system that might have vulnerabilities. Ideally, security should play a major role in the choice of equipment — at the very least, before buying, have the vendor confirm it releases updates for its software; Install security solutions to protect e-mail. Protecting electronic communications is vital; medical organizations receive a lot of e-mails, including spam, which can contain not only harmless trash, but also dangerous attachments; Train all employees — that means admins and doctors and anyone else who touches technology — in the basics of cybersecurity awareness. Ever more parts of medical care are going electronic, from the digitization of medical records to online video consultations. Cybersecurity awareness needs to be as routine as mask use during surgery. Many modern ransomware attacks are carried out in what we’d call a “manual” way. In other words, the cybercriminals behind modern ransomware attacks tend not to fire off malware scattershot, but rather to seek out ways to infect specific victims’ computers and servers, often using the art of social engineering. Sometimes, after infiltrating a network, they study the infrastructure at great length in search of the most valuable data. To detect such attacks, for which endpoint protection may not suffice, we recommend engaging a managed detection response service to monitor your infrastructure remotely.

does an excellent job cleaning the mess out of my keyboard that my desk partner leaves every single day. Buy Computer Cleaning Brush For Car Dashboard

Read more: kaspersky.co.in

Walter I. Dennison

Based in Bridgeville. Walter I. Dennison is a Senior Editor at Five Three Footwear. Previously he has worked for New York Times and Bloomberg News. Walter is a graduate of Film Productions at the University of New York.

Leave a Reply

Your email address will not be published. Required fields are marked *