Healthcare Cybersecurity

Cybersecurity Awareness Month: Do Your Part, #BeCyberSmart

October is Cybersecurity Awareness Month; a full month where the importance of cybersecurity is highlighted, and resources are made available to help organizations improve their security posture through the adoption of cybersecurity best practices and improving security awareness of the workforce.

Cybersecurity Awareness Month was launched by the National Cyber Security Alliance and the United States Department of Homeland Security in 2004 to raise awareness of the importance of cybersecurity. Each year has a different theme, although the overall aim is the same – To empower individuals and the organizations they work for to improve cybersecurity and make it harder for hackers and scammers to succeed.

The month is focused on improving education about cybersecurity best practices, raising awareness of the digital threats to privacy, encouraging organizations and individuals to put stronger safeguards in place to protect sensitive data, and highlighting the importance of security awareness training.

This year has the overall theme – “Do Your Part, #BeCyberSmart” – and is focused on communicating the importance of everyone playing a role in cybersecurity and protecting systems and sensitive data from hackers and scammers. Throughout the month, the National Cyber Security Alliance and its partners will be running programs to raise awareness of specific aspects of cybersecurity, with each week of the month having a different theme.

  • Week of October 4 (Week 1): Be Cyber Smart.
  • Week of October 11 (Week 2): Phight the Phish!
  • Week of October 18 (Week 3): Explore. Experience. Share.
  • Week of October 25 (Week 4): Cybersecurity First

Cybersecurity Awareness month kicks off with the theme of “Be Cyber Smart” in week 1, where cybersecurity best practices are highlighted to protect the vast amounts of personal and business data that are stored on Internet-connected platforms.

“This evergreen theme encourages individuals and organizations to own their role in protecting their part of cyberspace, stressing personal accountability and the importance of taking proactive steps to enhance cybersecurity,” said the U.S. Cybersecurity and Infrastructure Security Agency (CISA).

Best practices being highlighted in week 1 are those that businesses and individuals should be implementing. They include always creating strong passwords, implementing multi-factor authentication on accounts, keeping software updated and patching promptly, and creating backups to ensure data can be recovered in the event of a ransomware attack or other destructive cyberattack.

“Since its inception, Cybersecurity Awareness Month has elevated the central role that cybersecurity plays in our national security and economy.  This Cybersecurity Awareness Month, we recommit to doing our part to secure and protect our internet-connected devices, technology, and networks from cyber threats at work, home, school, and anywhere else we connect online,” said, President Biden in a White House statement announcing the start of Cybersecurity Awareness Month. “I encourage all Americans to responsibly protect their sensitive data and improve their cybersecurity awareness by embracing this year’s theme: “Do Your Part.  Be Cyber Smart.”

Each week this month, HIPAA Journal will share information and resources based on the theme of the week that can be used to raise awareness of cybersecurity in your organization and improve your resilience to cyberattacks and privacy threats.

Be Cyber Smart – Your Role in Cybersecurity

Cybersecurity Basics – How to Secure Your Online Life

CISA – Cybersecurity Awareness Tip Sheets

The post Cybersecurity Awareness Month: Do Your Part, #BeCyberSmart appeared first on HIPAA Journal.

NSA/CISA Issue Guidance on Selecting Secure VPN Solutions and Hardening Security

The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) have issued new guidance on selecting and improving the security of Virtual Private Networks (VPN) solutions.

VPN solutions allow remote workers to securely connect to business networks. Data traffic is routed through an encrypted virtual tunnel to prevent the interception of sensitive data and to block external attacks. VPNs are an attractive targeted for hackers, and vulnerabilities in VPN solutions have been targeted by several Advanced Persistent Threat (APT) groups. APT actors have been observed exploiting vulnerabilities in VPN solutions to remotely gain access to business networks, harvest credentials, remotely execute code on the VPN devices, hijack encrypted traffic sessions, and obtain sensitive data from the devices.

Several common vulnerabilities and exposures (CVEs) have been weaponized to gain access to the vulnerable devices, including Pulse Connect Secure SSL VPN (CVE-2019-11510), Fortinet FortiOS SSL VPN (CVE-2018-13379), and Palo Alto Networks PAN-OS (CVE_2020-2050). In some cases, threat actors have been observed exploiting vulnerabilities in VPN solutions within 24 hours of patches being made available.

Earlier this year, the NSA and CISA issued a warning that APT groups linked to the Russian Foreign Intelligence Service (SVR) had successfully exploited vulnerabilities in Fortinet and Pulse Secure VPN solutions to gain a foothold in the networks of U.S. companies and government agencies. Chinese nation state threat actors are believed to have exploited a Pulse Connect Secure vulnerability to gain access to the networks of the U.S. Defense Industrial Base Sector. Ransomware gangs have similarly been targeting vulnerabilities in VPNs to gain an initial foothold in networks to conduct double-extortion ransomware attacks.

The guidance document is intended to help organizations select secure VPN solutions from reputable vendors that comply with industry security standards who have a proven track record of remediating known vulnerabilities quickly. The guidance recommends only using VPN products that have been tested, validated and included in the National Information Assurance Partnership (NIAP) Product Compliant List. The guidance recommends against using Secure Sockets Layer/Transport Layer Security (SSL/TLS) VPNs, which use non-standard features to tunnel traffic via TLS as this creates additional risk exposure.

The guidance document also details best practices for hardening security and reducing the attack surface, such as configuring strong cryptography and authentication, only activating features that are strictly necessary, protecting and monitoring access to and from the VPN, implementing multi-factor authentication, and ensuring patches and updates are implemented promptly.

The post NSA/CISA Issue Guidance on Selecting Secure VPN Solutions and Hardening Security appeared first on HIPAA Journal.

Fifth of Healthcare Providers Report Increase in Patient Mortality After a Ransomware Attack

While there have been no reported cases of American patients dying as a direct result of a ransomware attack, a new study suggests patient mortality does increase following a ransomware attack on a healthcare provider. According to a recent survey conducted by the Ponemon Institute, more than one fifth (22%) of healthcare organizations said patient mortality increased after a ransomware attack.

Ransomware attacks on healthcare providers often result in IT systems being taken offline, phone and voicemail systems can be disrupted, emergency patients are often redirected to other facilities, and routine appointments are commonly postponed. The recovery process can take several weeks, during which time services continue to be disrupted.

While some ransomware gangs have a policy of not attacking healthcare organizations, many ransomware operations target healthcare. For instance, the Vice Society ransomware operation has conducted around 20% of its attacks on the healthcare sector and attacks on healthcare organizations have been increasing. During the past 2 years, 43% of respondents said their organization had suffered a ransomware attack, and out of those, 67% said they had one while 33% said they had more than one.

The study, which was sponsored by Censinet, involved a survey of 597 healthcare organizations including integrated delivery networks, community hospitals, and regional health systems. The cost of ransomware attacks on the healthcare industry had been determined in a previous Ponemon Institute survey, with the data presented in the IBM Security Cost of a Data Breach Report. In 2021, costs had risen to an average of $9.23 million per incident. The Censinet study sought to determine whether these attacks had a negative impact on patient safety while also seeking to understand how COVID-19 has impacted the ability of healthcare organizations to protect patient care and patient information from ransomware attacks.

COVID-19 introduced many new risk factors, such as an increase in remote working and new IT systems to support those workers. Patient care requirements increased, and COVID-19 caused staff shortages. The survey confirmed that COVID-19 has affected the ability of healthcare organizations to defend against ransomware attacks and other increasingly virulent cyberattacks. Prior to COVID-19, 55% of healthcare organizations said they were not confident they would be able to mitigate the risks of ransomware, whereas now, 61% of healthcare organizations said they are not confident or have no confidence in their ability to mitigate the risks of ransomware.

These attacks were found to be negatively affecting patient safety. 71% of respondents said ransomware attacks resulted in an increased length of stay in hospitals and 70% said delays in testing and medical procedures due to ransomware attacks resulted in poor patient outcomes. Following an attack, 65% of respondents said there was an increase in the number of patients being redirected to alternative facilities, 36% said they had increases in complications from medical procedures, and 22% said they had an increase in mortality rate after an attack.

One of the factors that has contributed to a higher risk of a ransomware attack occurring is the increased reliance on business associates for digitizing and distributing healthcare information and providing medical devices. On average, respondents said they work with 1,950 third parties and that number is expected to increase over the next 12 months by around 30% to an average of 2,541.

Business associates of healthcare organizations are being targeted by ransomware gangs and other cybercriminal organizations. Cybersecurity at business associates is often weaker than their healthcare clients, and one attack on a business associate could provide access to the networks of multiple healthcare clients.

Even though working with third parties increases risk, 40% of respondents said they do not always complete a risk assessment of third parties prior to entering into a contract. Even when risk assessments are conducted, 38% of respondents said those risk assessments were often ignored by leaders. Once contracts have been signed, over half (53%) of respondents said they had no regular schedule of conducting further risk assessments or that they were only conducted on demand.

Censinet recommends creating an inventory of all vendors and protected health information. It is only possible to ensure systems and data are secured if accurate inventories are maintained. Workflow automation tools are useful for establishing a digital inventory of all third parties and PHI records. These tools should also be used for creating an inventory of medical devices. Medical devices can provide an easy entry point into healthcare networks, so it is essential that these devices are secured. Only 36% of respondents said their organization knew where all medical devices were located, and only 35% said they were aware when those devices would reach end-of-life and would no longer be supported.

The report recommends conducting a thorough risk assessment of a vendor prior to entering into a contract, and then conducting periodic risk assessments thereafter and ensuring action is taken to address any issues identified. Further investment in cybersecurity is required specifically to cover re-assessments of high-risk third parties, as currently, only 32% of critical and high-risk third parties are assessed annually, and just 27% are reassessed annually.

The report also strongly recommends assigning risk accountability and ownership to one role, which will help to ensure an effective enterprise-risk management strategy can be adopted and maintained.

The post Fifth of Healthcare Providers Report Increase in Patient Mortality After a Ransomware Attack appeared first on HIPAA Journal.

CISA and FBI Warn About Escalating Conti Ransomware Attacks

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning about escalating Conti ransomware attacks. CISA and the FBI have observed Conti ransomware being used in more than 400 cyberattacks in the United States and globally.

Like many ransomware gangs, prior to deploying Conti ransomware the gang exfiltrates data from victims’ networks. A ransom demand is issued along with a threat to publish the stolen data if the ransom is not paid. The developers of Conti ransomware run a ransomware-as-a-service operation, where affiliates are recruited to conduct attacks. Under this model, affiliates usually receive a percentage of any ransoms they generate. Conti appears to operate slightly differently, where affiliates are paid a wage to conduct attacks.

A variety of methods are used to gain access to victims’ networks. Spear phishing emails are common, where malicious attachments such as Word documents with embedded scripts are used as malware droppers. Typically, a malware variant such as TrickBot or IcedID is downloaded which gives the attackers access to victims’ networks. The attackers then move laterally within the compromised network, identify data of interest, then exfiltrate the data before deploying the Conti ransomware payload.

Brute force attacks are often conducted to guess weak Remote Desktop Protocol (RDP) credentials, vulnerabilities in unpatched systems are exploited, and search engine poisoning has been used to get malicious sites appearing in the search engine listings offering fake software. Malware distribution networks such as Zloader have been used, and attacks have been conducted where credentials have been obtained through telephone calls (vishing).

CISA and the FBI have observed legitimate penetration testing tools being used to identify routers, cameras, and network-attached storage devices with web interfaces that can be brute forced and legitimate remote monitoring and management software and remote desktop software have been used as backdoors to maintain persistence on victim networks. The attackers use tools such as Windows Sysinternals and Mimikatz to escalate privileges and for lateral movement.

Vulnerabilities known to be exploited include ZeroLogon (CVE-2020-1472), PrintNightmare (CVE-2021-34527), and the vulnerabilities in Microsoft Windows Server Message Block that were exploited in the WannaCry ransomware attacks in 2017.

Because a variety of tactics, techniques, and procedures are used to gain access to victim networks, there is no single mitigation that can be implemented to prevent attacks. CISA and the FBI recommend the following mitigations to improve defenses against Conti ransomware attacks:

  • Use multi-factor authentication
  • Implement network segmentation and filter traffic
  • Scan for vulnerabilities and keep software updated
  • Remove unnecessary applications and apply controls
  • Implement endpoint and detection response tools
  • Limit access to resources over the network, especially by restricting RDP
  • Secure user accounts
  • Ensure critical data are backed up, with backups stored offline and tested to ensure file recovery is possible

The post CISA and FBI Warn About Escalating Conti Ransomware Attacks appeared first on HIPAA Journal.

Health and Public Health Sector Warn of Elevated Risk of BlackMatter Ransomware Attack

The health and public health sector is facing an elevated risk of ransomware attacks by affiliates of the BlackMatter ransomware-as-a-service (RaaS) operation, according to the Health Sector Cybersecurity Coordination Center (HC3) of the Department of Health and Human Services.

The BlackMatter threat group emerged in July 2021 shortly after the DarkSide and Sodinokibli/REvil ransomware gangs shut down their operations. The Russian speaking threat group is believed to originate in Eastern Europe and has conducted many attacks over the past couple of months in Brazil, Chile, India, Thailand, and the United States. The group also started leaking data stolen in attacks on its data leak site on August 11, 2021.

The threat group has mostly conducted ransomware attacks on companies in the real estate, food and beverage, architecture, IT, financial services, and education sectors, and while the ransomware gang has publicly stated it would not attack hospitals, critical infrastructure companies, nonprofits, government, and defense contractors, there is concern that attacks may still occur.

The threat group said in its sales pitch for affiliates that its ransomware incorporates the best features of the DarkSide, Lockbit 2.0 and Sodinokibi/REvil ransomware variants, and a technical analysis of the ransomware found several similarities between both DarkSide and Sodinokibi/REvil ransomware variants suggesting the gang has links with those operations.

BlackMatter said its affiliates are not permitted to attack hospitals, and should any hospital or nonprofit company be attacked, they can make contact and request free decryption. The threat group also said “We will not allow our project to be used to encrypt critical infrastructure that will attract unwanted attention to us.” There is of course no guarantee that an attack would not still occur nor that a free decryptor would be provided. As HC3 warmed, “these details are what BlackMatter claims to be, and may not be accurate,” and the DarkSide and Sodinokibi/REvil ransomware variants have both been used in attacks on the health and public health sector.

The threat group is actively seeking initial access brokers (IABs) that can provide access to corporate networks, as well as affiliates to conduct attacks. IABs often sell compromised RDP credentials, VPN login credentials, and web shells, which provide ransomware gangs with the access they need to conduct attacks.

According to HC3, there have been “at least 65 instances of threat actors selling network access to healthcare entities on hacking forums in the past year.” An analysis of 1,000 forum posts selling network access in the past 12 months found the United States was the worst affected country, and 4% of breached entities were in the healthcare industry.

BlackMatter is used in attacks on Windows and Linux systems, encrypts files using Salsa20 and 1024-bit RSA, and attempts to mount and encrypt unmounted partitions. The ransomware encrypts files stored locally, on removable media, and on network shares, and deletes shadow copies to prevent recovery without paying the ransom. Files are also exfiltrated prior to encryption and stolen data have been published on the gang’s leak site to encourage payment of the ransom.

Even if free decryptors are provided, the cost of remediating attack is likely to be significant. It is therefore important for the health and public health sector to take steps to improve defenses to make BlackMatter and other ransomware attacks more difficult.

In the threat brief, HC3 provides cybersecurity best practices that should be adopted to mitigate the BlackMatter threat, which include maintaining offline encrypted backups, regularly testing backups to ensure file recovery is possible, creating, maintaining, and exercising a basic cyber incident response plan and communications plan.

The sector has also been advised to mitigate Internet-facing vulnerabilities and misconfigurations, patch promptly, and conduct regular security awareness training for the workforce and to implement defenses such as spam filters to combat email phishing and social engineering attacks.

The post Health and Public Health Sector Warn of Elevated Risk of BlackMatter Ransomware Attack appeared first on HIPAA Journal.

NCCoE Releases Final Cybersecurity Practice Guide on Mobile Application Single Sign-On for First Responders

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has recently released the final version of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders.

Public safety and first responder (PSFR) personnel require on-demand access to public safety data in order to provide proper support and emergency care. In order to access the necessary data, PSFR personnel are heavily reliant on mobile platforms. Through these platforms, PSFR personnel can access the personal and protected health information of patients and sensitive law enforcement information; however, in order to keep sensitive information secure and to prevent unauthorized access, strong authentication mechanisms are required.

Those authentication mechanisms are needed to keep data secure and to protect privacy, but they have potential to hinder PSFR personnel and get in the way of them providing emergency services. While authentication may only take a matter of seconds, any delay in providing emergency services can have grave consequences and may even be a matter of life and death.

The Cybersecurity Practice Guide was developed in collaboration with NIST’S Public Safety Communications Research lab and industry stakeholders and aims to help resolve authentication issues to ensure sensitive data remains private and confidential and PSFR personnel can rapidly gain access to the data they need via mobile devices and associated applications.

The guide includes a detailed example solution with capabilities to address risk with appropriate security controls, along with a demonstration of the approach using commercially available products. Instructions are also included for implementers and security engineers to help them integrate the solution into their organization’s enterprise and configure it in a way to achieve security goals with minimal impact on operational efficiency and expense.

“This practice guide describes a reference design for multifactor authentication and mobile single sign-on for native and web applications while improving interoperability among mobile platforms, applications, and identity providers, regardless of the application development platform used in their construction,” explained NCCoE.

The NIST Cybersecurity Practice Guide can be found on this link.

The post NCCoE Releases Final Cybersecurity Practice Guide on Mobile Application Single Sign-On for First Responders appeared first on HIPAA Journal.

NCCoE Releases Final Cybersecurity Practice Guide on Mobile Application Single Sign-On for First Responders

The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) has recently released the final version of the NIST Cybersecurity Practice Guide SP 1800-13, Mobile Application Single Sign-On: Improving Authentication for Public Safety First Responders.

Public safety and first responder (PSFR) personnel require on-demand access to public safety data in order to provide proper support and emergency care. In order to access the necessary data, PSFR personnel are heavily reliant on mobile platforms. Through these platforms, PSFR personnel can access the personal and protected health information of patients and sensitive law enforcement information; however, in order to keep sensitive information secure and to prevent unauthorized access, strong authentication mechanisms are required.

Those authentication mechanisms are needed to keep data secure and to protect privacy, but they have potential to hinder PSFR personnel and get in the way of them providing emergency services. While authentication may only take a matter of seconds, any delay in providing emergency services can have grave consequences and may even be a matter of life and death.

The Cybersecurity Practice Guide was developed in collaboration with NIST’S Public Safety Communications Research lab and industry stakeholders and aims to help resolve authentication issues to ensure sensitive data remains private and confidential and PSFR personnel can rapidly gain access to the data they need via mobile devices and associated applications.

The guide includes a detailed example solution with capabilities to address risk with appropriate security controls, along with a demonstration of the approach using commercially available products. Instructions are also included for implementers and security engineers to help them integrate the solution into their organization’s enterprise and configure it in a way to achieve security goals with minimal impact on operational efficiency and expense.

“This practice guide describes a reference design for multifactor authentication and mobile single sign-on for native and web applications while improving interoperability among mobile platforms, applications, and identity providers, regardless of the application development platform used in their construction,” explained NCCoE.

The NIST Cybersecurity Practice Guide can be found on this link.

The post NCCoE Releases Final Cybersecurity Practice Guide on Mobile Application Single Sign-On for First Responders appeared first on HIPAA Journal.

CISA Updates List of Cybersecurity Bad Practices to Eradicate

The Cybersecurity and Infrastructure Security Agency (CISA) has updated its list of cybersecurity bad practices that must be eradicated.

Cyber threat actors often conduct highly sophisticated attacks to gain access to internal networks and sensitive data, but oftentimes sophisticated tactics, techniques and procedures are not required. The Bad Practices Catalog was created in July 2021 to raise awareness of some of the most egregious errors that are made in cybersecurity that leave the door wide open to hackers.

There have been many lists published on cybersecurity best practices to follow, and while it is vital that those practices are followed, it is critical that these bad practices are eradicated, especially at organizations that support critical infrastructure or national critical functions (NCFs). These bad practices significantly increase risk to the critical infrastructure relied upon for national security, economic stability, and life, health, and safety of the public.

When the Bad Practices Catalog was first published, two entries were added. First on the list is the continued use of software that has reached end-of-life and is no longer supported by the software developer. Without support, patches are no longer issued to correct vulnerabilities, which can be easily exploited by cyber actors to gain access to internal networks.

Second, and equally egregious, is the failure to change default credentials and passwords that are known to have been compromised in data breaches or have otherwise been disclosed.

The latest addition is the use of single factor authentication for remote or administrative access to systems. Single factor authentication is the use of a username and password to secure an account. While this provides a degree of security, it is not sufficient to resist the brute force tactics of hackers. Any Internet-facing system must be protected with multi-factor authentication, which requires an additional authentication factor to be provided in addition to a password before access to the account or system is granted.

One study conducted by Google, in conjunction with the University of California San Diego and New York University, showed multi-factor authentication is effective at blocking 100% of automated bot attacks, 99% of bulk phishing attacks, and 66% of targeted attacks, while Microsoft Director of Identity Security Alex Weinert explained in a July 2019 blog post that multi-factor authentication will block 99.9% of attacks on accounts.

CISA considers these practices to be exceptionally risky, especially when they apply to software and technologies that are accessible over the Internet. While it is common knowledge that these practices are dangerous, they are still highly prevalent and commonly allow hackers to gain access to internal networks to steal sensitive data and conduct ransomware attacks.

The post CISA Updates List of Cybersecurity Bad Practices to Eradicate appeared first on HIPAA Journal.

FBI & CISA Warn of Increased Risk of Ransomware Attacks over Labor Day Weekend

The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a warning to all public and private sector organizations about the increased risk of ransomware attacks at times when offices are normally closed, such as long holiday weekends.

While many employees will be having a long weekend due to Labor Day, this is a time when threat actors are usually highly active. The low staff numbers during holidays and weekends make it less likely that their attacks will be detected and blocked. The CISA and the FBI explained in the warning that they have observed an increase in “highly impactful ransomware attacks occurring on holidays and weekends,” and provided multiple examples of threat actors conducting attacks over holiday weekends in the United States in 2021.

Most recently, the Sodinokibi/REvil ransomware actors conducted an attack on the Kaseya remote monitoring and management tool over the Fourth of July 2021 holiday weekend. The attack affected hundreds of organizations including many managed service providers and their downstream customers.

In May 2021, during the Memorial Day weekend, the same threat actors conducted a ransomware attack on JBS Foods, which affected the company’s food production facilities in the United States, causing all production to stop. JBS Foods paid the $11 million ransom for the keys to decrypt files and prevent the release of data stolen in the attack.

Prior to that, over the Mother’s Day weekend in May, the DarkSide ransomware gang conducted its attack on Colonial Pipeline, which resulted in the fuel pipeline serving the Eastern Seaboard being shut down for a week. Colonial Pipeline paid a $4.4 million ransom payment to accelerate recovery from the attack.

The ransomware threat actors behind the cyberattacks on Kaseya, Colonial Pipeline, and JBS Foods have shut down their operations, but threat actors rarely remain inactive for long. It is common for them to remerge with a new ransomware operation after a period of apparent dormancy. There are also many other ransomware threat actors that are currently highly active that may try to take advantage of the absence of key staff over the holiday weekend.

The ransomware actors behind the Conti, PYSA, LockBit, RansomEXX/Defray777, Zeppelin, and Crysis/Dharma/Phobos ransomware variants have all been active over the course of the past month and attacks involving those ransomware variants have frequently been reported to the FBI over the past 4 weeks.

While neither CISA nor the FBI have discovered any specific threat intelligence to indicate a ransomware or other cyberattack will occur over the Labor Day weekend, based on the attack trends so far this year, there is an increased risk of a major cyberattack occurring.

Consequently, the FBI and CISA are advising security teams to be especially vigilant in the run up to the Labor Day weekend, and to ensure that they are diligent in their network defense practices, engage in preemptive threat hunting on their networks, follow recommended cybersecurity and ransomware best practices, and implement the recommended mitigations to reduce the risk of ransomware and other cyberattacks.

Those mitigations include:

  • Make an offline backup copy of data and testing backups to ensure data recovery is possible
  • Not clicking on suspicious links in emails
  • Secure and monitor RDP connections
  • Update operating systems and software and scan for vulnerabilities
  • Ensure strong passwords are set
  • Ensure multi-factor authentication is implemented
  • Secure networks by implementing segmentation, filtering traffic, and scanning ports
  • Secure user accounts
  • Ensure an incident response plan is developed

Recommended best practices, mitigations, and resources are detailed in the alert, which can be found on this link.

The post FBI & CISA Warn of Increased Risk of Ransomware Attacks over Labor Day Weekend appeared first on HIPAA Journal.