Skip to main content

Health And Emergency Services Face Increased Cyberattacks

An illustration of cybersecurity concept with people, shield, lock, and digital elements.

January 4, 2023 | Hannah Pittman

Also, learn about new government guidelines including the ‘311’ Plan in the works from CISA

Recently, public entities have found themselves on the receiving end of cyberattacks due to a combination of factors that make them appear vulnerable and easy targets to cybercriminals.

Cybercriminals know that public entities provide essential public services while some—especially smaller organizations—have little or no IT support. Specifically, health services, ambulance and EMS, and 911 districts have found themselves facing an onslaught of cyberattacks.

911 Districts

Cyberattacks on 911 centers have cost these organizations a large, unforeseen amount of time and money to recover. New generation (NG) 911 systems have gained popularity over the past few years – they are implemented to make emergency responses smarter, faster, and more resilient, as well as provide upgraded equipment and software vendors.

The move to incorporate NG 911 only makes 911 centers more vulnerable due to the introduction of “an Internet protocol-based mesh network to handle multimedia data” including IP addresses which are target gateways for potential cyberattacks.

Annual assessments from third-parties to test a center’s NG 911 is essential for evaluating how well protected their system is.

Ambulance/EMS Districts

Recent reports of cyberattacks on EMS (Emergency Medical Services) providers have been followed by data breaches of service users. New York’s Empress EMS disclosed an attack and breach of information earlier this year.

The hackers performed a double-extortion ransomware attack – they gained personal information from customer files and threatened to expose them if Empress did not pay a ransom to the attackers.

Health Services and Hospital Districts

Astronomically rising cases of COVID-19 led to many hospitals reaching patient over-capacity. Inadvertently, this created an opportunity for hackers to take advantage of the vulnerable security systems in place at these facilities when the focus on the treatment of an unforeseen number of patients became more urgent than ever.

Health IT is a large interconnected system using wireless technology – making them more vulnerable to cyberattacks. Several instances of cybersecurity breaches have been reported since March 2020, including ransomware attacks, the downing of critical systems, and attacks against major health organizations like the World Health Organization and the U.S. Department of Health and Human Services.

Health Care Systems are being attacked for a few reasons. Some cybercriminals seek to exploit vulnerable systems because of profit motivation. They also perform personal cyberespionage attacks to get information relating to tests and vaccines for intellectual property to have an upper hand in competition for a cure.

CISA & New Government Guidelines

The Cybersecurity and Infrastructure Security Agency (CISA) has announced their plan to create a ‘311’ cybersecurity emergency call line for small businesses with limited available finances, providing before and immediate-upon-attack cybersecurity training.

Additionally, education and training for students on basic cybersecurity would provide additional prevention measures for cyberattacks creating a “cyber civil defense” force.

A national cybersecurity alert system would further allow for more effective location tracking and size of the cyberattack threat facing a region. As a result of recent global ransomware attacks, organizations across sectors have come together to discuss formal across-organization procedures of how these attacks can be mitigated in the future.

Recently, the FBI and CISA implemented the Joint Ransomware Task Force, created to focus law enforcement actions on ending ransomware attacks for U.S. organizations.

Following a committee with CISA, the White House passed new cybersecurity guidelines with the purpose of protecting and improving the security of the software supply chain to federal agencies.

Three major guidelines will be implemented moving forward:

  • The National Institute of Standards and Technology (NIST) will be responsible for software accreditation.
  • Private vendors selling software to state and federal entities and agencies must have accreditation.
  • Agencies must ensure inventorying of all software in 90 days. Further, accreditation for critical and non-critical software must be furnished within 270 and 365 days, respectively.

The Biden Administration plans to increase efforts to push last year’s May 12th executive order beyond what it was intended for – strengthening America’s defense against cyberattacks.

New methodology for defense against cyberattacks include protecting against attacks from other countries, prioritizing and modernizing cybersecurity to improve, prevent, detect, assess, and remediate cyberattack incidents, and eliminate communication barriers to improve the movement of information between major agencies—namely the Intelligence Community (IC), CISA, and the FBI but also other agencies that are integral parts of federal cybersecurity procedures.

Upon evaluation that federal agencies are using obsolete, ambiguous, and inadequate security software, President Biden’s executive order called on NIST to provide oversight for the quality of new software.

Furthermore, CISA guidelines are enforcing a “compartmentalized administrative environment, trust relationship audits, and multi-factor, risk-based authentication” across agencies. Under the executive order, all agencies must purchase software from a NIST-approved list, obtain cybersecurity information and approval for existing software, and carry out performance assessments and updates to maintain NIST-approval.

Put Your Staff on Alert

Cybersecurity is a team effort – not just an IT responsibility. It impacts the mission, business, safety, and programs of every organization.

One of the best tools at any organization’s disposal is their staff, supervisors, and managers, since even the most secure system can still be breached if employees are not aware of the risks they pose.

eRisk Hub cyber resource portal is available to all organizations and employees that are a member of the CSD Pool. You can access individual training, tips for personal cybersecurity, and cyber webinars. For more information on how to sign up and get your staff access, visit www.csdpool.org/erisk-hub.

News

Industry and membership news tailored to Colorado special districts.