Healthcare organizations, including senior living communities, must remain vigilant against cyber attacks by Russian and North Korean-backed hacker groups, a global advisory firm said Tuesday.
A report from Willis Towers Watson detailed federal concerns about such attacks, noting the complexity providers face when preparing for and fending off such dangerous incursions.
Senior living communities and nursing homes are often at high risk for cyber attacks — and often are considered one of the most-attacked industries, research shows.
“The healthcare industry faces threats from sophisticated state-sponsored actors which adds a level of complexity to preparing for and responding to these incidents,” the report states. “Having a clear understanding of these threats, the compliance issues associated with them and having a risk transfer strategy is imperative.”
WTW added that, although ransomware attacks declined last year, recent alerts mean the healthcare industry should still be cautious.
Earlier this year, the Department of Health and Human Services identified new healthcare cyber security threats coming from Russian and North Korean groups. HC3, an organization established by the Department of Health and Human Services to combat cyber attacks, issued an alert about the pro-Russian hacktivist group ‘KillNet,’ which has its sights set on healthcare and public health records. The group previously hacked data from airline websites.
In February, an advisory from the US Cybersecurity and Infrastructure Security Agency said that North Korean state-sponsored actors were using ransomware to target the healthcare sector.
The advisory was issued as part of the agency’s #Stopransomware effort, an initiative to provide resources to organizations, including healthcare, that are affected by cyber attacks. Ransomware is a form of malware designed to encrypt files (such as patient records, personal information or other data) on a device, rendering any files and the systems that rely on them unusable. Bad actors then can use the data in identity theft or other schemes.
Senior living and care organizations can visit stopransomware.gov to keep tabs on new advisories and access educational resources to curb cyber threats, including tips and best practices on how to respond to and report cyber attacks.
Patient data are especially valuable to bad actors. Nursing homes, in particular, often are the target of cyberattacks, with criminals targeting third-party vendors or facilities to get access to resident and employee data to steal identities or commit fraud.
Cyber criminals prey on the healthcare industry because of its sensitive and expensive data and lack of network security, according to Cybersecurity company NordLayer’s recent research. Most breaches are caused by hacking, while human error accounts for 20%, the study showed.
