WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Technology Internet Security Friday, October 11, 2024 
Add Press Release News | News Feeds Feeds | Email This News Email


Increase in ransomware attacks to healthcare's vulnerable remote access systems threatens patients
Saturday, April 20, 2024

Nonprofit patient safety organization releases hazard report, recommendations

PLYMOUTH MEETING, Pa., April 12, 2024 /PRNewswire/ -- Ransomware groups are increasingly targeting vulnerable remote access systems in healthcare, with several high-profile incidents in recent months. Ransomware attacks can cripple a hospital's ability to serve patients by cutting off access to or manipulating essential technologies and patient data. Hackers can exploit remote systems to divert emergency vehicles, cancel appointments, and in worse-case scenarios, shut down entire facilities.

It's common for hospitals to grant remote access to their networks, including for hybrid or remote employees; for physicians accessing patient records; and for radiologists reading studies. Vendors are also given access to remote hospital systems to run financial operations such as bill payments; or to support medical devices, IT systems, or physical plant/HVAC systems. Attackers can exploit these entry points--gaining access to and moving throughout the network--if remote access systems are not protected.

"The consequences of these attacks can be devastating: vital medical records held hostage, treatment plans in disarray, and potentially deadly delays in care," said Marcus Schabacker, MD, PhD, president and CEO of ECRI. "Each unchecked vulnerability is a threat to patient safety. To grow complacent about cybersecurity in healthcare is to play fast and loose with patients' lives."

"Although we're seeing an uptick in ransomware that targets remote access, this threat is not new," added Schabacker. "ECRI has called out cybersecurity issues in our annual top ten hazards list every year since 2018 - with hackers exploiting remote access topping the list in 2019. It's alarming that the issue has only worsened in the years since."

ECRI's recent report includes recommendations for healthcare leaders to address ransomware attacks on remote access systems:

    --  Ensure that Internet-facing systems (e.g., remote access systems, VPNs)
        are configured securely and that security updates are applied.
        --  Routinely scan perimeter networks for vulnerabilities. Cybersecurity
            & Infrastructure Security Agency (CISA) offers vulnerabilities
            scanning to health delivery organizations (HDOs) at no cost.
            https://www.cisa.gov/cyber-hygiene-services.
        --  Routinely audit against the CISA Known Exploited Vulnerabilities
            (KEV) catalog.
            https://www.cisa.gov/known-exploited-vulnerabilities-catalog.
        --  Prioritize remediation of any systems affected by vulnerabilities
            listed in the KEV catalog.
    --  Consider blocking network traffic to internet-facing systems from
        potentially adversarial countries with which your organization does not
        conduct business.
    --  Routinely audit logs and traffic from remote access systems.
    --  Do not ignore other attack vectors such as phishing and password
        compromise.
    --  Develop incident response plans that include ransomware contingencies
        and recovery.
        --  Include policies on patient diversion.
        --  Include downtime and offline procedures for operating without an
            electronic medical record (EMR) and all other networked medical
            systems and devices.
        --  Identify who to contact at law enforcement agencies.
        --  Identify your primary vendor contacts for clinical and IT systems.
    --  Maintain backup and recovery methods for all IT systems, and
        periodically test restoration from backups.
    --  Consult legal counsel in the event of a data breach or ransom demand.
        Consider that payment of a ransom incentivizes future attacks, and that
        payment is not a guarantee that systems will be restored, either in part
        or in full.

The full report, released to ECRI members, includes high-profile ransomware incidents that recently impacted the healthcare industry. ECRI is one of the nation's largest patient safety organizations, and the only organization worldwide to conduct independent medical device evaluations.

View original content to download multimedia:https://www.prnewswire.com/news-releases/increase-in-ransomware-attacks-to-healthcares-vulnerable-remote-access-systems-threatens-patients-302115469.html

SOURCE ECRI



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav Service Providers IPNET and Petcom Partner with Aprecomm to Enhance Online Experiences in Brazil | Oct 11, 2024
Nav Recorded Future Unveils AI-Driven Enhancements to Combat Ransomware Threats with Real-Time Intelligence | Oct 11, 2024
Nav Data Breach Response Provider, CyEx, Launches Privacy Shield | Oct 11, 2024
Nav Global Cyber Alliance and Partners Announce "BEYOND125 Action Plan" to Improve and Protect The Digital Future | Oct 4, 2024
Nav Accelecom Expands Managed Services Suite | Oct 4, 2024
Nav Trend Micro Fights Back Against Online Scams | Oct 4, 2024
Nav Protect Your Safety Online, Say NHA IT Experts | Oct 4, 2024
Nav AtData Sets Sights on Growth, Selects Stuart Lazarus as Senior Vice President of Sales | Sep 28, 2024
Nav VPN.com Joins Elon Musk in Defending Free Speech Amid Brazil's Censorship of X | Sep 28, 2024
Nav Akamai Technologies Receives Company-wide ISO 14001 Attestation Demonstrating High Standards for Environmental Management Systems | Sep 28, 2024
NEWS SEARCH

FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News