A letter from Owensboro Health CISO, Jackie Mattingly
Clearwater experts have written previously about the need to make every month cybersecurity awareness month, and the importance of ongoing vigilance is especially evident right now.
This past week, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued a “Shields Up” alert for American organizations, warning that U.S. systems could face Russian cyberattacks amid the conflict with Ukraine. CISA advised organizations to adopt a heightened posture when it comes to cybersecurity and protecting their most critical assets.
Cybersecurity considerations noted by CISA included:
- If working with Ukrainian organizations, closely monitor traffic for anomalous activity.
- Inventory your organization’s assets, endpoints, and networks passing through Ukraine and Russia.
- Monitor and detect anomalous traffic originating in Ukraine and Russia.
- Validate that remote access to your network requires multi-factor authentication.
- Disable nonessential ports and protocols.
- Protect all endpoints with antivirus/antimalware and update detection signatures regularly.
More specific to the healthcare industry, the Health Information Sharing and Analysis Center (H-ISAC) noted on Friday, Feb. 25:
“Healthcare companies were heavily affected during the NotPetya incident in 2017, but there is no current evidence that suggests that Russian operatives intend to launch a similar NotPetya-style attack.
“However, nation-state actors are likely to equip both notable vulnerabilities, like the recently observed Log4Shell vulnerability, and potentially undisclosed vulnerabilities to launch future attacks.”
In addition, the American Hospital Association advised member organizations to implement several protection and mitigation strategies, including:
- Increasing network monitoring for unusual traffic
- Heightening staff awareness of malware-laden phishing emails
- Implementing geo-fencing for all inbound and outbound traffic originating from, and related to, Ukraine and its surrounding region
- Identifying all internal and third-party mission-critical clinical and operational services and technology, and putting into place business continuity plans and downtime procedures
- Documenting, updating and practicing a cyber incident response plan
We encourage you to review these previously published Clearwater blogs that provide guidance on many of the strategies that have been outlined:
EHRs and Ransomware: Protecting Your Crown Jewel
Getting Proactive About the Ransomware Threat
Effective Network Segmentation Strategies to Fend Off Cyberattacks
7 Ways to Ensure Your Incident Response Plan Is Incident-Ready
Reach out to Clearwater at any time at info@clearwatercompliance.com if questions or concerns arise.
As I touched on at the beginning of this blog, now is another appropriate time to remind colleagues about cybersecurity best practices. In the interest of helping others across the industry in this difficult time, Owensboro Health CISO Jackie Mattingly, a board member for the Association for Executives in Healthcare Information Security (AEHIS) and a Clearwater Customer, has given us permission to share the message she sent to Owensboro colleagues this past Thursday as the Russia-Ukraine conflict escalated.
Thank you to Jackie for her willingness to share the work that she and her team are doing.
The Message from One Leading Health System CISO to Colleagues
SUBJECT: Heightened Security Events Between Russia and Ukraine
In light of the recent events between Russia and Ukraine, Owensboro Health’s Cyber Security, along with our Information Technology (IT) team, would like to remind our team members that cybersecurity is a shared responsibility, and we ask that you practice a heightened level of awareness when interacting with Owensboro Health’s technology.
The United States Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and the National Security Agency (NSA) released a joint Cybersecurity bulletin asking all critical infrastructure sectors, healthcare being one, to be on high alert.
When interacting with your email, practice a safe culture by utilizing your target zero tools and being extremely cautious before:
– clicking on a link
– downloading an attachment
– sending sensitive information
It is vital that all team members remain vigilant against email phishing attempts. Phishing leverages human emotions to trigger a response, which attackers want. Attackers will attempt to convince you to perform these actions by creating a fraudulent scenario, such as offering money/gifts, threatening you with late fees, or claiming that your account has been locked due to fraudulent activity. They may even impersonate an OH team member to gain your confidence. When in doubt about the legitimacy of an email, always contact the sender directly to confirm they sent it. Never respond to, click a link or download an attachment from an unexpected email.
From an organizational standpoint, these attacks are tremendously effective and dangerous. All it takes is one click to infect our systems or bring our healthcare operations to a halt, which can quickly become a patient safety issue.
From a personal standpoint, falling for a phishing scam could lead to identity theft, which in turn leads to financial loss and hardship.
It’s important to remember that cybercriminals have no bias; they’ll target anyone, anywhere, at any time.
Thank you,
Jackie Mattingly, CISO
Owensboro Health, Inc