The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued an advisory alert describing the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain. According to the advisory, “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
Hospitals, physician practices, and public health organizations should take timely and reasonable precautions to protect their networks from these threats, according to the report. The agencies recommend several mitigation steps and best practices for healthcare entities to take to reduce their risk. The full list of mitigation efforts and best practices can be found in the advisory alert on pages 15-20.
The AAO-HNS recommends that you contact your EHR and internet providers to make sure you have measures in place to protect you, your patients, and your practice from this and other cyberattacks.
- The AMA and the American Hospital Association (AHA) have created two resources to help physicians and hospitals guard against cyber threats. Those resources and additional cybersecurity information can be found at the AMA’s cybersecurity webpage.
Added: October 30, 2020