Healthcare organizations are facing a major threat. You can fight back
During a recent 90-day period, Yale New Haven Health’s cybersecurity software flagged 33 million emails coming into the health system as “bad” and stopped them from reaching employees.
Thirty-three million. Further investigation showed that 6.4 million of those emails were legitimate. The remaining 27 million were designed to trick employees into clicking a link or opening an attachment that could unleash malware into the employees’ computers and possibly YNHHS’ systems.
Malware – short for “malicious software” – can shut down computers, steal sensitive information (including protected health information), erase or encrypt data and even take over a computer network.
Since Oct. 28, 2020, YNHHS and other healthcare organizations have been on alert for a particularly “ruthless” malware attack. This one involves ransomware, which invades computer networks and locks files or entire systems. The cybercriminals launching the attack then demand money to unlock the files.
These recent ransomware attacks have occurred at more than 40 U.S. healthcare organizations, costing millions in ransom, lost revenue and/or recovery measures. Worse, the attacks have disrupted patient care, delaying appointments and test results and crippling the electronic medical record.
“Yale New Haven Health fends off cyberattacks 24/7, so this latest ransomware threat is not new to us,” said Glynn Stanton, YNHHS chief information security officer. “What is different is that we’re now dealing with it during a global pandemic. The level of maliciousness in these attacks during a time when we are already stressed is completely irresponsible.”
Already working overtime to help YNHHS handle the surge in COVID-19 patients, Information Technology Services has had to tighten cybersecurity and update response and recovery plans in light of the latest ransomware threat.
YNHHS’ cyberattack preparations fit into four main categories: technical controls, planning, sustaining operations and recovery. Technical controls include restricting employees’ internet access, filtering emails and requiring employees to use multi-factor authentication (through the Duo app, for example) to access YNHHS files or systems.
“We understand these steps can be painful,” Stanton said. “Unfortunately, they are an absolute necessity, especially now.”
The planning component includes holding drills that simulate cyberattacks, and having third-party security companies try to hack into YNHHS systems to reveal any weak spots. ITS also periodically sends mock phishing emails that try to trick employees into clicking links. Recipients who do are reminded never to click links in emails or open attachments unless they know and trust the sender. Links in emails and attachments are the most common tools criminals use to access computers and install malware.
YNHHS receives 20 to 50 phishing attacks per quarter; the largest involved 2,808 email addresses. The shortest time between someone clicking a bad email link to the person’s password being used to attempt to access a network was seven minutes.
The mock phishing emails and education seem to be helping, however. In fiscal year 2014, 15.8 percent of employees targeted in mock phishing campaigns clicked links in the emails. In fiscal year 2019, 2.8 percent of employees clicked a link.
Still, Stanton constantly reminds people to “'Stop. Think. Don’t click the link.' Once you click on something, the sender can take over your machine, and potentially get into our network,” he said. “I want to make sure people understand the magnitude of this.”
Bad emails: What to watch for
- If you see an email from someone you do not know and trust, and that email contains an attachment or link, do NOT open the attachment or click the link.
- Be aware that phishing and malware emails have become more professional-looking. The attachment at right was part of a legitimate-looking email. Clicking “view download” would unleash ransomware. When in doubt, do NOT click links or open attachments.
- Look for the “external email” banner, which can indicate a phishing or other “bad” email:
- If you suspect you have received a phishing or ransomware email, copy the email and send it to the ‘SPAM’ email address (Type SPAM into the To: line), or call the ITS Service Desk, 203-688-HELP.