Category: Healthcare IT

Data Breach Strikes California’s Largest Hospital System: 69,000 Patients Affected

 


 

Hackers gained access to the test results of tens of thousands of patients at California’s leading hospital system.

 

What Happened

Kaiser Permanente, the nation’s largest nonprofit health plan provider, has announced a data breach that exposed almost 70,000 individuals’ sensitive health information.

According to TechCrunch, the breach of Kaiser Permanente’s systems was first disclosed to patients in a June 3 letter. According to the letter, the breach was first discovered on April 5, when officials learned that an “unauthorized entity” had accessed a Kaiser employee’s emails. The emails contained “protected health information” about tens of thousands of Kaiser customers. According to a second filing with the Department of Health and Human Services, the total number of people affected by the breach is 69,589.

According to the disclosure letter, the exposed data includes first and last names, medical record numbers, dates of service, and laboratory test result information. No Social Security or credit card details were involved.

According to Kaiser’s email to customers, which was published, “we terminated the unauthorized access within hours of it occurring and promptly initiated an investigation to identify the magnitude of the event.” “We found that the emails contained protected health information, and while we have no evidence that an unauthorized party accessed the material, we cannot rule out the possibility.”

Though the HHS document classifies the incident as a “Hacking/IT Incident,” it’s unclear how the “unauthorized person” got access to the emails.

 

What It Means

Over the last few years, the healthcare business has seen an influx of unwanted attention from cybercriminals. Only last week, a data breach at a Massachusetts healthcare company exposed information on the treatments that up to two million people had received, as well as their names, birthdays, and Social Security numbers. We also recently saw a data breach at Eye Care Leaders, so breaches are becoming an everyday occurrence for healthcare organizations. During the pandemic, hospitals and healthcare providers were popular targets, and it’s easy to see why. Medical facilities are attractive targets for cybercriminals because they store massive databases of personal information that can be ransomed, stolen, or sold on the dark web. The cybersecurity defenses provided by hospitals’ antiquated digital infrastructure aren’t the finest in the world.

Human Error is Still a Threat to Security

The event also highlights what has always been, and continues to be, the most significant security risk businesses face: human error.

According to Verizon’s 2022 Data Breach Investigations Report (DBIR), which takes a complete look at data breaches from the previous year, 82 percent of the intrusions studied last year featured “the human element,” which can mean a variety of things.

“Whether it’s the use of stolen credentials, phishing, misuse, or simply an error,” researchers wrote in the report, “humans continue to play an eminent part in incidents and breaches alike.”


Protected Harbor’s Take on The Matter

“The threat of Business Email Compromise (BEC), which appears to have occurred in the Kaiser incident, is particularly serious,” said Richard Luna, CEO of Protected Harbor. Socially engineered phishing and other malicious email campaigns that trick unwary employees into giving up credentials to their business email accounts have become increasingly sophisticated.

Once a threat actor has secured early access to a firm network, this might lead to more malicious operations, such as ransomware or other financially driven cybercrimes.

In fact, BEC has become a big financial drain for businesses, with the FBI recently reporting that companies lost $43 billion to this type of attack between June 2016 and December 2021. There was a 65 percent increase in BEC schemes between July 2019 and December 2021, which the FBI ascribed to the pandemic forcing most business activity to take place online.

Tips to stop BEC & Common Attacks

Upstream Spam Filter- Spam filters detect unsolicited, unwanted, and virus-infested emails (also known as spam) and prevent them from reaching inboxes. Spam filters are used by Internet Service Providers (ISPs) to ensure that they are not transmitting spam. Spam filters are also used by small and medium-sized organizations (SMBs) to protect their employees and networks.

Both inbound email (email that enters the network) and outbound email (email that leaves the network) are subject to spam filtering. ISPs use both strategies to protect their clients. Inbound filters are usually the focus of SMBs.

2FA– 2FA is an additional layer of protection that verifies that anyone attempting to access an online account is who they claim to be. The user must first provide their username and password. They will then be requested to submit another piece of information before they can receive access. This provides an additional layer of security to the process of gaining access.

Applying Recent Security Updates– Updating your software is very important, and it’s something that you should never overlook. Frequently updating your devices and installing the latest security updates can help to protect you from cyber threats and keep your devices secure.

Restricting User Access to Core Files (Access Control)– Access control is a security approach regulating who or what can view or utilize resources in a computing environment. It is an essential security concept that reduces the risk to the company or organization. Access control is a critical component of security compliance programs because it guarantees that security technology and access control policies are in place to secure sensitive data, such as customer information.

Network Monitoring for Malicious Activity– Network security monitoring is an automated procedure that looks for security flaws, threats, and suspicious activity in network devices and traffic. It can be used by businesses to detect and respond to cybersecurity breaches quickly. Network monitoring identifies and analyzes weaknesses, notifying you of potential security threats. Cybersecurity alerts enable you to swiftly safeguard your company from network attacks and the resulting calamities.

User Activity Monitoring- User activity monitoring (UAM) solutions are software tools that track and monitor end-user behavior on company-owned IT resources such as devices and networks. By deploying user activity monitoring, enterprises can more easily spot suspicious behavior and manage risks before they result in data breaches, or at least in time to minimize damages.

 

Final Thoughts

In a world where cyber-attacks are common and more sophisticated than ever before, businesses must take steps to protect themselves and their customers from data breaches and other cyber threats. One way to do this is by partnering with a trusted company that offers unparalleled cybersecurity solutions.

Thanks to our innovative cloud-based approach to security, you can be sure that your company will be well protected against the ever-evolving threats to data security. By thoroughly examining your company’s network security and other aspects of its IT infrastructure, we can identify areas of weakness and suggest ways to correct them.

Visit Protectedharbor.com today to get a risk-free review of your current IT security solution. You’ll receive a detailed assessment of your current security setup and recommendations for improving your security posture.

What Iran’s Cyber Attack On Boston Children’s Hospital Means For Your Healthcare Organization


On Wednesday, June 1st, at a Boston College cybersecurity conference hosted by Mintz, FBI Director Christopher Wray stated that investigators prevented a planned attack on Boston Children’s Hospital by Iranian government-sponsored hackers. The FBI director told the story as part of a bigger speech about cyber threats from Russia, China, and Iran, as well as the importance of government-private partnerships.

What Happened

In the summer of 2021, the FBI received a tip from an intelligence partner that hackers sponsored by the Iranian government were targeting the Boston Children’s Hospital. The cyber squad in the FBI Boston Field Office raced to notify the hospital. Over a 10-day period, the squad worked with the hospital in response to the threat.

Wray didn’t say why the hospital attack was planned, but he did say that Iran and other governments have been hiring cyber mercenaries to carry out attacks on their behalf. Furthermore, the US government has identified the healthcare and public-health sectors as one of 16 critical infrastructure sectors. Healthcare providers such as hospitals are considered easy targets for hackers.

It wasn’t clear if the hackers planned to target the hospital with ransomware, shut down the hospital operations with a virus, or sell the data on the black market.  That’s because the FBI caught the attack early enough to prevent any damage to the network or the hospital’s data. The FBI declined to discuss the specific nature of the attack in detail, citing security reasons.

Nevertheless, the FBI issued a warning in November saying Iranian government hackers had breached the “environmental control network” at an unidentified children’s hospital in the United States last June, leading many to assume the same hospital was targeted in Boston. The environmental control network refers to the hospital’s HVAC system.

What it Means

In the case of ransomware, hospitals can face devastating system shutdowns. Patient data can be made inaccessible to hospital staff, it can be damaged, or it can be stolen and sold. A ransomware attack compromised a Vermont hospital’s patient record system in October 2020, and patients were turned away as a result.

Nation-states and hacker groups are probing healthcare organizations and looking for areas to exploit. This past November, the Cybersecurity and Infrastructure Security Agency issued an alert for an Iran-sponsored hacker group targeting healthcare. As the Russia-Ukraine war drags on, federal agencies say U.S. healthcare organizations need to be “shielded up” to mitigate against potential foreign threats.

The FBI is “racing” to warn possible healthcare targets of data breaches when it comes to Russia and other state-sponsored attacks. According to Wray, China’s hackers have stolen more business and personal data from Americans than all other countries combined as part of an enormous geopolitical ambition to “lie, cheat, and steal their way into global denominations of global industries.”

All hospitals and healthcare organizations must sit up and take notice. Today, it is not only hacktivist groups and employees they need to worry about, but nation-states as well.

Protected Harbor’s Take On The Issue

Protected Harbor has been monitoring the situation for a long time and continues to emphasize cybersecurity. Richard Luna, CEO of Protected Harbor, said this is a severe issue, and we advise all our clients to take precautionary measures and make sure their systems are secure and protected.

He suggested 3 simple tips to harden your servers, which every company should implement immediately.

1. Update the operating systems on your servers regularly.

The most crucial action you can take to secure your servers is to keep their operating systems up to date. On a nearly daily basis, new vulnerabilities are discovered and publicized, with the potential for remote code execution or local privilege escalation.

2. Enforce The Use Of Strong Passwords

Enforcing the usage of strong passwords across your infrastructure is an important security measure. Attackers will have a harder time guessing passwords or cracking hashes to obtain unauthorized access to sensitive systems. A smart place to start is with 10-character passwords that include a mix of upper and lowercase letters, numbers, and special characters.

Password guessing attacks can be stopped by combining a strong password policy with a robust account lockout policy that locks accounts after a few erroneous tries.

3. Use local protection mechanisms such as firewalls and anti-virus software.

Local protection measures and estate-wide controls like patching, domain configuration, and border fire-walling are critical for offering a defense-in-depth approach.

The chance of unneeded default services being exposed to the broader network is reduced when a host’s local firewall is configured correctly. Even if your patching schedule has fallen behind, it will still prevent an attacker from accessing critical network services. While not foolproof, this all-or-nothing strategy can be the difference between compromise and attacker frustration.

With so much at stake, it’s essential to ensure your business has a robust IT audit plan. With the help of a trusted IT auditing company like Protected Harbor, you can be sure that your systems are secure and functioning at peak efficiency. The FBI won’t always be there, but Protected Harbor will.
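Tip 2 above pairs a composition rule with account lockout. The sketch below is an added example, not Protected Harbor's code: it checks the 10-character, four-class rule from the text and tracks failed logins, with the threshold of 5 failures, the 15-minute window and the 15-minute lock duration all chosen here as assumptions for "a few erroneous tries".

```python
import string
from dataclasses import dataclass, field

MIN_LENGTH = 10        # the article's suggested starting point
MAX_FAILURES = 5       # assumption: what "a few erroneous tries" means
WINDOW_SECONDS = 900   # assumption: failures are counted over 15 minutes
LOCK_SECONDS = 900     # assumption: a lock lasts 15 minutes


def policy_violations(password):
    """Return the list of rules from the article that the password fails."""
    checks = {
        "at least 10 characters": len(password) >= MIN_LENGTH,
        "an uppercase letter": any(c.isupper() for c in password),
        "a lowercase letter": any(c.islower() for c in password),
        "a digit": any(c.isdigit() for c in password),
        "a special character": any(c in string.punctuation for c in password),
    }
    return [rule for rule, ok in checks.items() if not ok]


@dataclass
class LockoutTracker:
    failures: dict = field(default_factory=dict)      # account -> failure times
    locked_until: dict = field(default_factory=dict)  # account -> unlock time

    def record(self, account, success, now):
        """Record one login attempt; return 'ok', 'failed' or 'locked'."""
        if now < self.locked_until.get(account, 0):
            return "locked"  # even a correct password is refused while locked
        if success:
            self.failures.pop(account, None)
            return "ok"
        # Keep only failures inside the sliding window, then add this one.
        recent = [t for t in self.failures.get(account, [])
                  if now - t < WINDOW_SECONDS]
        recent.append(now)
        self.failures[account] = recent
        if len(recent) >= MAX_FAILURES:
            self.locked_until[account] = now + LOCK_SECONDS
            self.failures.pop(account, None)
            return "locked"
        return "failed"


def replay_attempts(tracker, account, guesses, real_password, start=0, step=2):
    """Replay a constructed guess list, one attempt every `step` seconds.

    The string comparison stands in for real credential verification.
    """
    return [tracker.record(account, guess == real_password, start + i * step)
            for i, guess in enumerate(guesses)]


if __name__ == "__main__":
    print(policy_violations("Summer2022"))
    tracker = LockoutTracker()
    guesses = ["guess%d" % i for i in range(7)] + ["Tr1age-Ward7!"]
    print(replay_attempts(tracker, "svc-admin", guesses, "Tr1age-Ward7!"))
```

The replay shows why the two controls belong together: the lock triggers on the fifth wrong guess, so the correct password arriving later in the same run is still refused.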

Sign up to get a risk-free IT Audit and see how you can improve your security. We will analyse your business from top to bottom and give recommendations on making your company safer. What are you waiting for? Get Protected!

Wellstar Health System Reveals Data Breach


 

Wellstar Health System announced on Friday afternoon that its email system had been hacked.

Well, it happened again. A data breach occurred at yet another healthcare firm. This time, it was Wellstar Health System. Unauthorized attackers obtained access to two email accounts two months ago, the organization discovered on Friday. Through those email accounts, the attackers gained access to patients’ health care information, including patient laboratory information, which was exposed. They missed the 2021 Healthcare Data Breach Trend Report from Protected Harbor at HIMSS.

Emails are one of the most common ways that hackers access sensitive information. This is because people often use their work email for personal purposes, so it is easier to get access to it. Hackers can use different methods and tricks to get into an email account. They might trick health workers into sharing their passwords, or they could send them a virus that tries to steal employee passwords from company computers.

If you are reading this, you understand that it’s essential to keep any critical emails secure when handling sensitive information. After all, Patient Health Information (PHI) and Electronic Health Records (EHR) can earn a few hundred dollars each on the dark web. That means healthcare employees are more targeted by hackers. And still, many healthcare organizations are not taking the proper steps to protect company email from hacking.

This article will go over how to defend yourself against important threats and what email security precautions you should take.

Install the Right Software

One of the essential email security precautions you can take is installing the right software to protect your emails. Many software options offer various levels of protection, so find out which one will work best for your needs. If you’re in healthcare, consider higher levels of security because you have a lot more sensitive information. Healthcare IT staff may also want to invest in Malwarebytes, a well-rounded antivirus solution, to provide another layer of protection against hacking.

Spam Hero is software that looks for spam and scans messages for infections before they reach the inbox. Stopping malware emails before they reach an inbox can help keep hackers out of any sensitive documents you may come across in the future. Think how many emails with attachments are sent each day; if they were all scanned before recipients could open them, this would significantly decrease the chances of hackers getting a hold of sensitive information like PHI and EHR.

Monitor Your Inbox Activities

One of your email inboxes has received ten emails in one day. However, you only get about two a day, you do not remember sending out any emails that day, and it’s a Sunday. Is there a cybersecurity breach on your network? It could indicate that someone is trying to gain access to company information and has begun by accessing people’s email accounts. Monitor account activity regularly, and have a playbook for implementing additional security measures if you notice anything suspicious. Set up a new email address if necessary, and apply measures such as multifactor authentication or changing all passwords. It is also important to routinely change passwords, even when there is no evidence of a breach; no system is perfect, and it’s better to be safe than sorry!
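The scenario above (ten messages on a Sunday against a usual two a day) can be checked automatically against each mailbox's own baseline. The following is an added example, not code from Protected Harbor or any mail product; the event format, mailbox names, thresholds and sample data are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

SPIKE_FACTOR = 3      # assumption: alert when a day is >= 3x the baseline
MIN_COUNT = 5         # assumption: ignore small absolute counts to limit noise
MIN_HISTORY_DAYS = 5  # do not judge a mailbox with less history than this
WINDOW_DAYS = 14      # baseline looks back two weeks


def find_anomalies(events):
    """events: iterable of (mailbox, day, direction); direction is
    'received' or 'sent'. Returns one alert dict per anomalous day."""
    per_day = defaultdict(lambda: defaultdict(int))  # (mailbox, dir) -> day -> n
    first_seen = {}
    for mailbox, day, direction in events:
        per_day[(mailbox, direction)][day] += 1
        first_seen[mailbox] = min(day, first_seen.get(mailbox, day))

    alerts = []
    for (mailbox, direction), counts in per_day.items():
        for day in sorted(counts):
            # History is every calendar day in the window, silent days included,
            # but never earlier than the first day the mailbox was observed.
            start = max(first_seen[mailbox], day - timedelta(days=WINDOW_DAYS))
            history_days = [start + timedelta(days=i)
                            for i in range((day - start).days)]
            if len(history_days) < MIN_HISTORY_DAYS:
                continue
            baseline = median(counts.get(d, 0) for d in history_days)
            count = counts[day]
            # max(baseline, 1) keeps a normally silent mailbox from alerting
            # on a single message.
            if count < MIN_COUNT or count < SPIKE_FACTOR * max(baseline, 1):
                continue
            quiet_weekends = all(counts.get(d, 0) == 0
                                 for d in history_days if d.weekday() >= 5)
            alerts.append({
                "mailbox": mailbox,
                "direction": direction,
                "day": day,
                "count": count,
                "baseline": baseline,
                "unusual_weekend": day.weekday() >= 5 and quiet_weekends,
            })
    return alerts


def constructed_sample():
    """Constructed data: three working weeks, then a Sunday burst."""
    events = []
    day = date(2022, 5, 2)  # a Monday
    while day <= date(2022, 5, 20):
        if day.weekday() < 5:
            events += [("lab-results@example.org", day, "received")] * 2
            busy = 7 if day == date(2022, 5, 19) else 6
            events += [("billing@example.org", day, "received")] * busy
            events += [("billing@example.org", day, "sent")] * 6
        day += timedelta(days=1)
    # The article's scenario: ten messages on a Sunday for a two-a-day mailbox.
    events += [("lab-results@example.org", date(2022, 5, 22), "received")] * 10
    return events


if __name__ == "__main__":
    for alert in find_anomalies(constructed_sample()):
        print(alert)
```

The busy billing mailbox is not flagged for a seven-message day because the comparison is against its own median of six, not a fixed number.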

Educate your Employees & Staff

As exposed recently, hackers find new ways to trick healthcare employees into giving up sensitive information. Here are four easy things every HCIT department can do to improve their company’s employee cyber safety awareness:

  1. Encourage employees to come forward if they suspect an email of being bogus.
  2. Educate employees on what dangerous emails might look like. A recent study showed that over a quarter of doctors could not identify a malware email.
  3. Tell your employees not to open attachments unless they are 100% confident that it is a trusted source. Installing a filter that auto-checks attachments is even better.
  4. Have an Email Password Checklist for all of your employees.

We all have complex emails, but make it a requirement, set up failsafes to avoid re-used passwords, and help make it easier for your staff with some tips and how-tos. These simple tips will help protect against email cyber-attacks.

Use Two-Factor Authentication

Two-factor authentication is a great way to add an extra layer of security to your online accounts and protect yourself against email cyber-attacks. 2FA prevents hackers from simply guessing passwords and lets you focus on protecting other healthcare network vulnerabilities. By implementing these simple steps, you can protect your business and its data without adding too much time or hassle into everyday workflows.

One of the easiest ways to protect yourself from hacking is to turn on two-factor authentication. 2FA will help ensure your information is more secure, and it doesn’t take much more time or effort than what you were doing before.

You might think it’s unnecessary to use two-step verification when you already have high-end cybersecurity software, but that is not true. Software and two-step verification work together to make sure your information is safe. A bad actor can bypass a security measure, so it’s necessary to have other protections in place too. This is where software and 2FA come in handy again.

Use Encryption

One of the most effective ways to protect yourself from hackers is by using encryption. Encryption scrambles the content of your email so that only you and the intended recipient can read it. It means that if a hacker does manage to intercept your email, they won’t be able to understand what it says. Even if they could break the encryption, any sensitive information in your email will be rendered indecipherable.

One such solution is ProtonMail, a secure email service that encrypts all of your messages by default. The only person who can decrypt your email is someone you sent it to or someone in the same organization (if they have a shared account).

Protect your Physical Computer and Network

Cybersecurity does not produce images of big burly security guards, but physical computer and network safety are just as crucial as virtual. This means having physical security checkpoints at entrances and exits of your healthcare organization. You should also be careful about which devices employees plug into the network. Just because a power strip is plugged in doesn’t mean that it’s safe to plug in their mobile device.

Auto-lock and Remote Wipe Apps

Just think of how many texts you receive each day. You might be one of the unlucky people who have had their phone hacked. All someone needs to do is get a hold of your phone, and they can easily access any sensitive information on it, including work passwords. It may seem like locking your phone is a no-brainer, but not every employee does it. If your company hands out company phones or lets employees use their personal phones for work email, then decrease the auto-lock time to 30 seconds and install remote wiping.

Remote wipe is a security feature that allows a network administrator or device owner to send a command to a computer device that erases data. It’s usually used to wipe data from a lost or stolen device so that the information isn’t jeopardized if it comes into the wrong hands. It can also be used to erase data from a device that has changed owners or administrators and is no longer accessible physically.

Closing Thoughts

There are no easy answers when it comes to healthcare cybersecurity and email security. All of the things described above, and more, could have been performed by Wellstar Health System. Finally, attacks are growing more sophisticated, data is becoming more readily available, network connection points are rising, and healthcare IT professionals are being spread thin. When it comes to safeguarding your healthcare networks and servers, the first step is to determine which employees have access to sensitive information and which staff require specific data access.

Any strategy must also be adaptable and responsive to changes as they occur. Protected Harbor focuses on more than just software but hardware integration, special application connectivity, and employee workflows to create an always-safe environment. It is likely that at some point, HCIT will need to seek professional help to tackle the security breaches, so it is better to assign the task of managing the system security to an external agency. This way, you will no longer have to worry about data and network security, and your team will be able to focus on medical-related tasks.

An experienced, outside partner can help you see the bigger picture. Protected Harbor has the best practice knowledge on securing managed file transfers, HIPAA-compliant emails, data management, and security. We make sure your data is safe by using robust auditing and encryption technology that meets or exceeds HIPAA requirements for healthcare organizations.

Check out our 2021 Healthcare Data Breach Trend Report from HIMSS and our free eBook Optimizing the Healthcare Stack for Performance to learn more. We are also offering free IT Audits to all healthcare organizations for the next month following this attack. Reach out to schedule one today.

What causes healthcare data breaches the most frequently?

What is the most common cause of healthcare data breaches?

Patients’ medical records are a goldmine for malicious hackers—if they can get their hands on them. According to the Cisco Internet Security Threat Report, healthcare is currently the most targeted industry by cybercriminals.

Health data breaches have been in the headlines for a while now. From the crippling breach of Anthem to the compromising of 10 million patient records at UCLA Health — nothing is sacred when it comes to cyberattacks these days. While the impact of security incidents might differ depending on their magnitude, it seems that poorly protected IT systems and hacking/IT incidents are often the biggest culprits in causing privacy and financial setbacks.

Healthcare data breaches are on the rise. Although many are concerned with hacking, several factors could potentially cause a significant healthcare data breach.

Common causes of healthcare data breaches!

Data breaches are becoming more and more common. With the rise of hacking, phishing, malware attacks, and new security regulations, all healthcare organizations need to stay proactive in protecting their data.

The most common cause of data breaches for healthcare organizations is malicious or cyber-criminal attacks. Data breaches can come from various sources, including hackers stealing protected health information (PHI) from an organization’s database, unencrypted devices, or a weak, stolen password. One of the biggest causes of healthcare data breaches is misconfigured medical devices and office equipment. Medical device security remains a major concern for organizations.

Hacking/IT incidents account for 47% of healthcare data breaches, making them the #1 cause of healthcare data breaches.
(Source: Electronic Health Reporter)

Patient Data Theft: High risk
Health care industry members are all too familiar with data theft and new methods of exfiltrating information such as electronic medical records (EMRs) and protected health information (PHI) from connected medical devices. IP-enabled medical devices can be easily exploited by experienced hackers because of minimal access controls and known vulnerabilities. A hacker may then take data directly from the medical device, but since medical devices typically contain limited data, he is more likely to go to servers, data centers, or other devices on the network, like the XP workstation that is connected to the electronic medical record. Data breaches in healthcare are defined as theft and loss 32% of the time, compared to only 15% in different industries, second only to hacking and IT incidents, as per Healthcare Dive. With the number of high-profile breaches in healthcare over the past three years, healthcare organizations need tighter controls to mitigate this risk.

 

What is the cost to your company?

According to IBM’s Cost of Data Breach Report 2021:

  • Healthcare organizations spent an average of $161 per breached record in 2021, which is expected to increase in the future.
  • On average, it takes 329 days to identify a breach.

The reports show that the cost of data breaches has risen once again, reaching a record high since IBM first published the report 17 years ago. The average cost of a data breach increased by 10% year over year, to $4.24 million per incident and that of healthcare data breaches increased by $2 million to $9.42 million per incident in 2021. The average cost of ransomware attacks was $4.62 million per incident.

How can you avoid a data breach?

  • Back up data– Having a proper backup schedule and implementing a secure process to access the off-site data is a preliminary requirement. Confirm that your backup/recovery partner is also HIPAA compliant. Cloud hosting solutions can also be considered for better security.
  • Two factor authentication- Multi-factor authentication, also known as 2FA, is a simple concept that can be implemented by companies easily. A key benefit of two-factor verification lies in its very name: it requires two variables to access an account, just as you need two keys to enter a house. The security is therefore twice as strong.
  • Safeguard data and devices- Ensure that the tools and policies for security are implemented, securing all the devices accessing your network. Remote monitoring for unauthorized access and unusual activity is also an option. Limit and set proper data control and access for the devices.
  • Train and educate staff– Create a policy for regular security training and practice sessions. Identifying phishing emails, ensuring password complexity, and adhering to anti-malware protocols should be a part of this training.

To wrap things up!

Security and compliance are among the top factors healthcare organizations consider when adopting new technologies. Many organizations didn’t or were not able to take the time to strategically align new cloud-based tools and platforms with existing security standards as they transitioned to remote work after the pandemic.
Security and privacy should be a priority when working with technology partners in healthcare. It is a trusted partner’s responsibility to ensure users’ privacy and security, having incorporated a variety of safeguards into their processes, designs, and code, as well as constructing the infrastructure to ensure careful protection of user information. Cisco, Greenway, GE Healthcare, and Protected Harbor are some of the most trusted and reliable healthcare IT solution providers who take pride in their experience of delivering solutions to healthcare and other organizations.