
Daily Briefing

4 ways to protect your hospital against a cyberattack


Amid mounting tension between Russia and Ukraine, federal officials are warning U.S. organizations—including health systems—of an increased potential of cyberattacks that could significantly damage critical infrastructure.


Hospitals are often vulnerable to cyberattacks

Hospitals are increasingly becoming targets of cyberattacks, which often disrupt operations and potentially put patients at risk. For example, a ransomware attack at Springhill Medical Center in 2019 shut down the hospital's network for three weeks. A pregnant patient later sued the hospital for medical malpractice, claiming the attack caused staff to miss concerning signs that ultimately led to her child's death.

Since the pandemic, the risk of cyberattacks has grown as hacking groups take advantage of overtaxed and short-staffed hospitals caring for Covid-19 patients.

Heather Hughes, director of client engagement and solutions at cyber insurer Resilience, said she has seen "threat actors take advantage of Covid for ransomware attacks because hospitals were short-staffed, everyone was stressed, the hospitals' census population is super high."

Hughes added that hospitals' increased use of staffing agencies has led to an ideal environment for security breaches since contract workers are not usually familiar with an organization's internal electronic system. "When they go to log in, for example, for their first shift, it's 'Click this link for your time card,'" she said. "They may click that link. Now they've introduced ransomware."

Federal officials, health organizations warn of increased cyberattack risks

With international tensions rising between Ukraine and Russia, federal agencies, as well as health organizations, have issued alerts about potential Russian cyberattacks in the near future. Previously, Russian malware deployed against Ukraine spread globally and caused widespread damage to critical infrastructure in the United States, including a major pharmaceutical company, a health care communications company, and many hospitals.

The Cybersecurity and Infrastructure Security Agency (CISA) recently issued a "Shields Up" alert for U.S. organizations about cyber threats from Russia. In the alert, CISA recommended that all U.S. organizations, regardless of size, "adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets."

Similarly, the American Hospital Association (AHA) and the Health-Information Sharing and Analysis Center last month issued a joint advisory recommending organizations identify and consider blocking any direct or third-party business associates and email contacts based in Ukraine and the surrounding region.

In addition, the FBI and National Security Agency last month released recommendations for health care and other critical infrastructure organizations to help prevent, detect, and respond to common Russian cyber threats.

How to reduce the risk of cyberattacks

Both CISA and AHA have outlined several steps for U.S. organizations to minimize the risk and potential impact of cyberattacks.

1. Reduce the risk of a damaging attack

To do this, CISA recommends organizations require multi-factor authentication for all remote access to their networks, as well as for privileged or administrative access. All software should be up to date, and updates that address known exploited vulnerabilities should be prioritized.

IT personnel should also ensure all non-essential ports and protocols are disabled and implement strong controls if cloud services are used.

2. Ensure potential attacks are quickly detected

CISA recommends that IT personnel confirm an organization's network is protected by antivirus and antimalware software. They should also focus on identifying and quickly assessing any unusual or unexpected network activity.

If an organization conducts business with Ukrainian organizations, IT personnel should closely monitor and inspect traffic from these organizations, as well as review any access controls. In addition, AHA suggests organizations geo-fence all inbound and outbound traffic from Ukraine and the surrounding region to mitigate potential direct cyber risks.

3. Be prepared to respond if an attack occurs

To prepare for an attack, a main crisis response team should be designated, with different members taking charge of technology, communications, legal issues, and business continuity. Organizations should also conduct an exercise with all team members to ensure they all understand their roles during a potential attack.

According to AHA, it is "critical that a cross-function, leadership-level cyber incident response plan be fully documented, updated and practiced. This should include emergency communications plans and systems."

4. Ensure critical operations and data will still function during an attack

AHA recommends organizations identify all "mission-critical clinical and operational services and technology" and develop "four-to-six week business continuity plans and well-practiced downtime procedures in the event those services or technologies are disrupted by a cyberattack."

According to CISA, organizations should test backup procedures to make sure critical data can be quickly restored if they're affected by a cyberattack. Backup data should also be isolated from network connections. In addition, organizations should test manual controls of their operational technology to make sure critical functions are still operable even if their networks are down or compromised. (AHA News, 2/1; CISA cybersecurity guidance, 1/18; Dress, The Hill, 2/12; Magnoli/Sawyer, CBS 12, 2/16; Reed, Axios, 2/18)


Learn more

Access our cybersecurity resource library

To get started, use this resource page to guide you through the following steps for becoming a cyber resilient organization:

1. Engage senior leaders in security efforts to advance the organization’s security maturity

2. Optimize the effectiveness of your Chief Information Security Officer (CISO)

3. Prepare in advance

