Hospitals and other health care organizations need to tighten up their email security protocols and boost their anti-phishing training to fend off growing cyberattacks that use requests for COVID-19 data to try to penetrate IT systems.
CEOs at several Massachusetts hospitals recently received requests for COVID-19 statistics in emails that appeared to come from US Department of Health and Human Services. However, the emails included external links that resembled those that injected ransomware into other healthcare systems in September and took them offline. At least one affected Mass. hospital completely shut down its email for a day so its IT security team could sequester and examine every attachment for malware.
A malware attack that shuts down health care systems is a matter of life and death. In fact, the September attack caused fatal delays in care for a patient who’s believed to be the first ransomware-linked death. So security experts are advising a multi-layered defense that includes email filtering, regular offline data backups, infrastructure upgrades, and robust training to help employees recognize and respond to phishing attacks. Contact Xantrion to find out how we can help you keep your hospital’s IT systems healthy.