TL/DR –
The New York State Department of Health (NYS DOH) has issued a cybersecurity advisory warning healthcare providers of an increased risk of cyberattacks due to recent U.S. strikes on Iranian nuclear facilities. The advisory recommends healthcare providers to strengthen their IT security controls against known attack techniques, such as DDOS, Ransomware, and Website Defacement and to report any cybersecurity incidents within 72 hours. The Department of Homeland Security’s Cybersecurity & Infrastructure Security Agency (CISA) notes that healthcare data is particularly valuable to threat actors for identity theft, blackmail, and fraud, making the healthcare sector especially vulnerable to such attacks and their potential consequences.
Heightened Cybersecurity Threat Alert for Healthcare Providers Following U.S. Strikes on Iranian Nuclear Facilities
In light of recent U.S. strikes on Iranian nuclear facilities, the New York State Department of Health (NYS DOH) warns healthcare providers of increased cyberattack risk with a new cybersecurity advisory. This warning echoes similar alerts by the U.S. Department of Homeland Security and other intelligence agencies.
Recommended Cybersecurity Measures
The Advisory encourages healthcare providers to enhance physical and IT security controls to counter known cyberattack methods such as:
- Distributed Denial of Service (DDOS) attacks;
- Ransomware attacks;
- Website Defacement incidents.
The Advisory also recommends disconnecting operational technology (OT) from the public internet, changing default passwords, using strong unique passwords, securing remote network access, and implementing network segmentation. NYS Cybersecurity regulations mandate reporting of cybersecurity incidents to the NYS DOH within 72 hours of detection.
Specific Risks in Healthcare Industry
As per the U.S. Cybersecurity & Infrastructure Security Agency, healthcare providers are particularly vulnerable to cyberattacks due to the large amounts of sensitive, regulated, and monetizable data they hold. Moreover, any system outage can seriously impact patient care, making healthcare organizations attractive targets for cybercriminals.
Proactive preparation against these cybersecurity threats is crucial. Failing to adequately prepare or respond can result in enforcement actions, lawsuits, reputational damage, and loss of patient trust and revenue.
Experienced cybersecurity, privacy, and healthcare legal counsel can help mitigate risks. Crowell & Moring offer services to manage these risks, both proactively and during a potential cyber incident. Contact information is available on their website.
—
Read More Health & Wellness News ; US News