Cybercrime Threat to U.S. Hospitals & Healthcare Providers

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.  

CISA, FBI, and HHS have released AA20-302A, Ransomware Activity Targeting the Healthcare and Public Health Sector, which details both the threat and the practices that healthcare organizations should continuously engage in to help manage the risk posed by ransomware and other cyber threats.

One of the advantages of the Sevocity® software as a service model is that customers do not have patient health information residing on their computers or servers that can be encrypted and held for ransom by bad actors. All Sevocity patient data resides on Conceptual MindWorks, Inc. servers protected under multiple layers of administrative, technical, and physical controls effective against the ransomware identified in this CISA, FBI, and HHS advisory. Even if a practice is infected by ransomware, its patient data in Sevocity will maintain its confidentiality and integrity. It will continue to be readily accessible from any uncompromised computer with a new or existing Sevocity installation.  

While your patient data is safe with Sevocity, your practice may still be at risk of being infected with ransomware. To best protect your computers and network, follow these best practices of cyber hygiene:

  1. Install and maintain reputable antivirus and anti-malware software
  2. Use network firewalls
  3. Update software regularly to ensure you have the latest security patches
  4. Set strong passwords
  5. When you have the option, use multi-factor authentication
  6. Encrypt your computer hard drives and removable storage media
  7. Back up your files regularly to a site or media that is external to your device/network
  8. Secure your router by changing the name and password that came from the manufacturer and selecting WPA2 or WPA3 encryption.
  9. Train everyone in your practice to recognize phishing emails and think before clicking a link or attachment in the email.

Remember, it’s smart to practice good cyber hygiene habits. If you follow these nine rules, you’ll be on your way to creating cyber habits that may help keep you safe and secure online.

Other useful resources:

Joint CISA MS-ISAC Ransomware Guide

Fact Sheet: Ransomware and HIPAA

CISA Ransomware webpage