Recently, the American Hospital Association warned that Black Basta, a known ransomware group, would be accelerating attacks within the healthcare sector. The group gained notoriety for its sophisticated attack methods and high-profile targets, and it typically operates by infiltrating a network, exfiltrating sensitive data, and then encrypting the victim's files.

Healthcare organizations can stay vigilant against threat actors by adopting a comprehensive cybersecurity strategy that incorporates regular testing and 24/7 monitoring. ProCircular also recommends the following:
- Multi-Factor Authentication (MFA): Implement MFA across all systems to add an extra layer of security. But plain MFA isn't enough. Implement phishing-resistant MFA or passwordless MFA for all external access points.
- Employee Training: Conduct regular cybersecurity training to educate staff on recognizing phishing attempts and other common attack vectors.
  - Use examples of actual phishing emails as training tools for your staff.
  - Remind users that unusual requests or offers, threats, or a sense of urgency are all signs of a phishing email that can be a precursor to an attack.
  - Ensure they know to NEVER acknowledge MFA at the prompting of another person if they are not attempting valid authentication themselves.
  - Teach them to be suspicious of any external emails and report anything in question.
- Implement flagging: Flag content from outside sources so that potential threats can be identified and managed.
- Regular Backups: Ensure that all critical data is regularly backed up and stored securely offline. Also confirm that your organization has tested (and consistently tests) current backups.
- Monitoring: Use credential monitoring services to track when logins associated with your organization are compromised.

By fostering a culture of awareness, your organization can also ensure that employees are prepared to recognize and respond to potential threats appropriately. These efforts collectively ensure operational continuity and uphold patient trust by protecting sensitive data and maintaining the integrity of patient care and healthcare services. Contact our experts if you have any questions or would like to strengthen your cybersecurity posture.