According to the government publication Public Health Emergency, "the nation depends on the continuity and availability of its healthcare system, especially during disasters and emergencies. Every region in the U.S. is subject to many different kinds of infrastructure failures that can be caused by natural threats, including extreme weather, earthquakes and/or wildfires, or man-made threats, such as terrorist threats, insider threats or supply chain disruptions.
"If the infrastructure that the healthcare and public health sectors rely on breaks down or stops working, that could disrupt their ability to provide essential services to the public. By protecting our nation's healthcare and public health infrastructure through coordinated efforts, we can better ensure that vital healthcare and public health services are available when disaster strikes."
The following is an excerpt from "The Healthcare and Public Health Sector Highlights-Cybersecurity Edition" from the Week of December 6, 2019.
Ransomware Resources for Home Health and Hospice Organizations
We have been made aware of a ransomware incident that could impact home health and hospice organizations. Recognizing that most of the community relies on 3rd party digital service providers to support operations and/or patient care, below are some resources to help reduce the risks:
- The affected organizations should reach out to their Medicare Administrative Contractor (MAC) to get guidance on how to accelerate payments.
- Ransomware Prevention and Mitigation Guide:1 Developed by the HHS Health Sector Cybersecurity Coordination Center, this guide provides information on what to do to prevent being infected by Ransomware malware and a number of steps that providers can take if infected.
- Health Industry Cybersecurity Supply Chain Risk Management Guide: Developed by the Private Sector Coordinating Council, this document will help health care providers establish a risk management program as it relates to 3rd party service providers. It also includes templates for service provider risk assessment, cybersecurity requirements and language for contracts, and service provider risk management policy.
As the Sector Specific Agency (SSA) for Healthcare and Public Health Sector, ASPR’s Critical Infrastructure Protection for the Healthcare and Public Health Sectors shares a number of resources related to the identification and management of risks through this newsletter.
- The ASPR TRACIE Topic Collection on Cybersecurity has many helpful must-reads and trainings on preparation and prevention. The section in response to a Technical Assistance Request offers checklists that healthcare facilities can use once they have been faced with a cyber attack.
- Public Health Emergency is an online publication that recently published an article titled, "Critical Infrastructure Protection for the Healthcare and Public Health Sectors" 2
1 Enterprise defense guidelines
- Do not open suspicious or unexpected links or attachments in emails.
- Hover over hyperlinks in emails to verify they are going to the anticipated site.
- Alert your IT staff if you have any concerns about the legitimacy of any email, attachment, or link.
- Be aware of malicious actors attempting to impersonate legitimate staff, including over the phone, and check the email sender name against the sender's email address.
- Use unique strong passwords or pass-phrases for all accounts as well as multi-factor authentication.
- Do not provide personal or organizational information unless you are certain of the requestor's identity.
- Take advantage of available cybersecurity awareness training.
- Update operating systems, applications and anti-malware software company-wide as soon as updates are available.
- Regularly back up all data to secure cloud storage and/or offline encrypted storage media.
- Federal government cybersecurity incident reporting information can be found here: https://www.fbi.gov/file-repository/law-enforcement-cyber-incident-reporting.pdf/view?
Advice for Managed Service Providers (MSPs)
- Only allow authentication to remote access software from inside the provider's network.
- Continuous monitoring and logging should be used to monitor connections to the MSP.
- Maintain a clear and updated picture of what is "normal" on your network.
- Use two-factor authentication on remote administration tools and Virtual Private Network tunnels rather than remote desktop protocols (RDPs).
- Block inbound network traffic from Tor exit nodes ("Tor" is free and open-source software for enabling anonymous communication. The name is derived from an acronym for the original software project name "The Onion Router".) and outbound traffic to "Pastebin" (an online community mainly used by programmers to store pieces of source code or configuration information).
- Utilize Endpoint Detection and Response (EDR) to detect PowerShell running unusual processes. (PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language.)
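Three of the MSP items above (remote access only from inside the provider's network, inbound Tor exit traffic, outbound Pastebin traffic) can be checked against connection logs. The following is an added example, not part of the article or the HHS newsletter; the log format, network range, port numbers and exit-node list are assumptions, and all sample data is constructed.

```python
import ipaddress

# All values below are constructed placeholders (documentation address ranges).
PROVIDER_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # assumed MSP internal range
TOR_EXITS = {"198.51.100.7", "203.0.113.44"}            # stand-in for a Tor exit-node feed
PASTE_DOMAINS = {"pastebin.com"}
REMOTE_ADMIN_PORTS = {3389, 8443}                       # assumed: RDP plus a hypothetical admin tool

# Constructed log format: <direction> <source ip> <destination host> <destination port>
SAMPLE_LOG = """\
in 10.20.4.15 rmm.msp.example 8443
in 192.0.2.80 rmm.msp.example 8443
in 198.51.100.7 portal.msp.example 443
out 10.20.9.3 pastebin.com 443
out 10.20.9.3 sub.pastebin.com 443
out 10.20.9.3 updates.vendor.example 443
in 203.0.113.44 rmm.msp.example 3389
"""

def in_provider_net(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in PROVIDER_NETS)

def host_matches(host, domains):
    # Match the domain itself and any subdomain, never a mere suffix lookalike.
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def classify(line):
    """Return the list of findings for one log line."""
    parts = line.split()
    if len(parts) != 4 or not parts[3].isdigit():
        return ["unparsed"]  # surface malformed lines instead of dropping them
    direction, src, dst, port = parts
    findings = []
    if direction == "in":
        if src in TOR_EXITS:
            findings.append("tor-exit-inbound")
        if int(port) in REMOTE_ADMIN_PORTS and not in_provider_net(src):
            findings.append("remote-admin-from-outside")
    elif direction == "out" and host_matches(dst, PASTE_DOMAINS):
        findings.append("pastebin-outbound")
    return findings

def scan(log_text):
    """Return (line_number, finding) pairs for every flagged line."""
    lines = enumerate(log_text.splitlines(), 1)
    return [(n, f) for n, line in lines if line.strip() for f in classify(line)]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE_LOG):
        print(n, finding)
```

The same rules belong in the firewall as block rules; running them over logs as well shows whether the blocks are holding and supports the "what is normal" baseline.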
©2019 by Rowan Consulting Associates, Inc., Colorado Springs, CO. All rights reserved. This article originally appeared in Tim Rowan's Home Care Technology Report. homecaretechreport.com One copy may be printed for personal use; further reproduction by permission only. email@example.com