Cybercriminals are threatening data-extortion plots against the U.S. healthcare system, the FBI and two other federal agencies warned on October 28th. The plots are ransomware cyberattacks designed to lock up hospital information systems, which could lead to data theft and cause significant disruption of patient services as COVID-19 case numbers continue to surge.

At least five American hospitals have been impacted by the cyberattacks this week, and security experts warn that hundreds more may be affected. Experts say that the magnitude of this latest wave of cyber threats is unparalleled, and the cybercriminal group responsible appears to be a Russian-speaking criminal gang.

This latest wave of cyber threats against the U.S. healthcare system is part of a growing trend. A ransomware attack in September slowed all 250 facilities of the Universal Health Services hospital chain. Universal’s doctors and nurses were forced to revert to antiquated recordkeeping methods—the old paper and pencil—while lab work slowed and patient monitoring equipment faltered. So far in 2020, at least 59 U.S. healthcare providers/systems have been affected by ransomware, interfering with patient care at 500+ facilities.

If you find yourself a victim of a ransomware plot, whether in healthcare or not, here are some guidelines to help weather the attack:

1. Engage your in-house and outside counsel.
2. Decide, with your counsel, whether to inform the FBI.
3. Engage your crisis management team.
4. Begin execution of your data incident response plan.
5. Notify your insurance broker and/or cyber-insurance carrier.
6. Investigate the incident.
7. Stop any additional loss and prevent further exposures.
8. Assess the fallout.
9. Learn from the incident and improve your response plan and system security.

Even before you become a victim to ransomware, there are measures to take that will mitigate the possibility of being infiltrated. Besides working with outside counsel to plan and prepare for the steps above, you should consider doing the following:

1. Educate your workforce, e.g., utilization of strong passwords, think before you click, locking devices, avoiding public WiFi.
2. Restrict access to data as much as possible.
3. Encrypt data.
4. Conduct regular security risk assessments.
5. Backup to a secure, offsite location.
6. Evaluate the cybersecurity posture of your vendors.

Please feel free to speak with your contact or anyone at Procopio if you would like assistance with implementing the recommended measures, improving your existing plans, or if you have been subject to a ransomware attack.