Cybersecurity and ransomware: Tips, tactics, and updates

In its May 12th Executive Order, the White House stated, “The United States faces persistent and increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.” This Executive Order followed the May 7th Colonial Pipeline ransomware attack, which underscored the vulnerabilities of the government and energy industry participants.

The healthcare industry is likewise plagued by a myriad of cybersecurity-related attacks, including ransomware. First, let’s consider a recent criminal indictment, whereby Vikas Singla, a former employee of Gwinnett Medical Center (Lawrenceville, GA) who ran a network security company that offered services for the healthcare industry, was charged with the following:

• Stealing protected health information;
• Disrupting the hospital’s Ascom phone system;
• Accessing Lexmark printers and a Hologic R2 Digitizer;
• 17 counts of intentional damage to a protected computer; and
• Obtaining information by computer from a protected computer.

The hackers went so far as to voice their displeasure with the hospital (GMC) for denying it had been hacked stating, “does GMC have control of this system. The answer is no. The last time we checked, we own their Ascom system and their data.” This arrogance is similar to that of many cybercriminals, including those that prompted CISA, DOJ, FBI, and HHS to publish Joint Cybersecurity Advisory - Ransomware Activity Targeting the Healthcare and Public Health Sector(Updated October 29, 2020), in light of six ransomware attacks against hospitals across the United States. The primary tactics utilized to infect systems with ransomware for financial gain were Ryuk and Conti. The primary activities “include credential harvesting, mail exfiltration, cryptomining, point-of-sale data exfiltration, and the deployment of ransomware.”

In light of the heightened awareness and the increased proclivity of attacks, the National Institute for Standards and Technology (NIST) published Tips & Tactics Ransomware, which includes quick steps persons can immediately take to reduce the threat of a ransomware attack:

1. Use antivirus software consistently;
2. Keep computer patches up-to-date;
3. Block access to ransomware sites by installing the appropriate software and services;
4. Allow only authorized apps on computers, tablets, and smart phones;
5. Restrict personally-owned devices;
6. Use standard user accounts versus accounts with administrative privileges whenever possible;
7. Avoid the use of personal apps and website on company or work computers; and
8. Train the workforce to be aware of unknown sources, social engineering, and be sure to run an antivirus and/or look at links carefully.

Every person has an obligation to do his or her part to protect corporate IT systems. With remote working scenarios, many companies and individuals were lacking to ensure appropriate technical, administrative, and physical safeguards. In sum, and as a reminder, failing to take relevant precautions, can lead to government enforcement actions, class action lawsuits, and potential criminal cases.

_{About the Author}

_{Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.}