The Cybersecurity and Infrastructure Security Agency (CISA) issued a warning on July 7, 2023, about increased cyberattacks targeting healthcare organizations. The attacks are using a variety of methods, including phishing, ransomware, and social engineering. CISA recommends that healthcare organizations take steps to improve their cybersecurity posture, such as implementing multi-factor authentication and conducting regular penetration testing.
According to CISA, the healthcare sector has experienced a surge in cyberattacks since the beginning of the COVID-19 pandemic. The attackers are exploiting the increased demand for healthcare services, the remote work environment, and the reliance on digital platforms to deliver patient care.
CISA warns that these cyberattacks can have serious consequences for the healthcare sector and public health. The cyberattacks can affect the availability and quality of healthcare services, as well as endanger the safety and well-being of patients and staff. Cyberattacks can also cause financial losses, reputational damage, and legal liabilities for healthcare organizations.
To safeguard against cyber threats, CISA recommends healthcare organizations take the following cybersecurity measures: Implement multi-factor authentication for all accounts and systems accessing sensitive data, perform routine penetration testing and vulnerability scans, educate staff on recognizing and avoiding phishing and social engineering attempts, regularly back up and encrypt data in secure locations, and promptly report any suspicious activity to CISA and law enforcement for investigation and assistance.
CISA also offers a range of resources and tools to support healthcare organizations in enhancing their cybersecurity awareness and resilience. These resources include the CISA Cyber Essentials guide outlining crucial actions for reducing cyber risks, the CISA Ransomware Guide with best practices for ransomware prevention and response, the CISA StopRansomware.gov website offering guidance on protecting and responding to ransomware attacks, and a collection of healthcare-specific cybersecurity resources from CISA.
CISA urges healthcare organizations to take these measures seriously and act swiftly to enhance their cybersecurity posture. By doing so, they can protect their systems, data, patients, and staff from cyberattacks that threaten their operations and public health.
