The Federal Bureau of Investigation (FBI) and two federal agencies are warning of an "imminent cybercrime threat" to US hospitals and health care providers, noting that several hospitals across the country have already been hit with malware that can lead to ransomware attacks, data theft, and disruption of healthcare services. The agencies recommend several mitigation steps and best practices for health care entities to take to reduce their risk, including the following:
- Patch operating systems, software, and firmware as soon as manufacturers release updates.
- Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
- Use multi-factor authentication where possible.
- Disallow use of personal email accounts.
- Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
- Identify critical assets; create backups of these systems and house the backups offline from the network.
- Set antivirus and anti-malware solutions to automatically update; conduct regular scans.
The AMA and the American Hospital Association (AHA) have created two resources to help physicians and hospitals guard against cyber threats. Those resources and additional cybersecurity information can be found at the AMA’s cybersecurity webpage.