Since the start of the year, the FBI and the Cybersecurity and Infrastructure Security Agency have issued several warnings about malicious actors exploiting software vulnerabilities to extort companies.
To keep your hospital safe, CISA has recommended the following measures to reduce the frequency of cyberattacks.
Eighteen tips to protect your hospital from emerging cyberattack campaigns:
1. Regularly back up data and password-protect backup copies kept offline. Ensure critical data cannot be modified or deleted from the network where it resides.
2. Implement network segmentation by splitting the network into subnetworks.
3. Require administrator credentials to install software.
4. Install patch updates as soon as they are released.
5. Implement a recovery plan to maintain critical data offline or on a different network.
6. Audit user accounts with administrative privileges and configure access controls with the least privilege necessary.
7. Add an email banner to messages coming from outside your organization.
8. Provide ample training to employees on cyberthreats like phishing attacks, and consider updating your policy on suspicious emails so that it requires users to report all suspicious emails to the security and/or IT departments.
9. Regularly change passwords and implement the shortest acceptable time frame for password changes.
10. Monitor websites visited and restrict users' access to suspicious or risky websites.
11. Implement an antivirus program and a formalized patch management system.
12. Implement filters at the email gateway to block suspicious IP addresses.
13. Implement an intrusion detection system to detect malicious network activity.
14. Review logs for unauthorized authentication.
15. Look for unauthorized applications and scheduled tasks in the environment.
16. Keep up to date with the latest threats and implement appropriate access control lists.
17. Consider using application allowlisting technology to ensure only authorized software is executed, blocking all unauthorized software.
18. Ensure no new administrators were created and no non-privileged users were added to any privileged group.