Chinese Hackers Amp-Up Healthcare Cyber Attacks; US-CERT Issues Alert
By: Jim Stickley and Tina Davis
February 9, 2019
Cybersecurity professionals are greatly concerned about China and the ongoing security hazard it presents. China’s reputation for stealing intellectual property from the US is alarming, and this latest attack on healthcare agencies perpetuates its devious and dangerous reputation. In this case, the attacks focus on IT service providers and the companies that use them. The attackers take advantage of the trust built by these relationships, focusing attacks on healthcare networks and the sensitive patient information they hold. With these attacks succeeding against healthcare providers, there’s no telling what industry Chinese threat actors may focus on next.
The healthcare industry has been ravaged by a range of cyberattacks, in particular ransomware attacks. The sensitive nature of the patient data these hacks expose makes them a natural for ransom demands. Hospitals and healthcare providers rely on instant access to data, and the likelihood of paying healthcare ransoms increases dramatically when lives are at risk. This latest attack by Chinese actors is so alarming that the FBI and Department of Homeland Security (DHS) are involved. The United States Computer Emergency Readiness Team (US-CERT) posted an alert on its website, and the Cybersecurity and Infrastructure Security Agency (CISA) strongly suggests that IT service providers and their customers follow it. The HIPAA website also provides guides for IT providers and their customers to mitigate these hacks, admitting there is currently no single solution to prevent them.
IT Service Customers
- Verify all IT service providers are used appropriately and disable provider accounts when not in use.
- Verify and review all connections between IT providers and healthcare systems.
- Make sure IT service providers review systems for security concerns and compromises and that they have solutions and necessary tools to detect cyberattacks.
- Maintain agreements with IT service providers for proper security and monitoring and require prompt notification of suspicious activity.
IT Service Providers
- Fully implement the policies and procedures outlined in the US-CERT alert.
- Implement monitoring systems to find unusual behavior that indicates malicious activity and account misuse.
- Work with customers to carefully monitor and maintain infrastructure, including cybersafe education for customers.
- Restrict access to customer networks and separate data in a logical manner.
- Perform regular backups of customer data, stored separately from all other networks, that can be quickly accessed and restored should a malware attack hit your customer.