Security Notification Update: Increased Cybercrime Threats to U.S. Hospitals and Healthcare Providers

Tips & Tricks

Back to Tips & Tricks

In a joint alert sent on October 28th, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the U.S. Department of Health and Human Services said they have “credible information” that cybercriminals are taking new aim at healthcare providers and public health agencies even as the coronavirus pandemic reaches new heights.

To quote the agencies press release, “CISA, FBI and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” officials said. “Malicious cyber actors” may soon be planning to “infect systems with Ryuk ransomware for financial gain” on a scale not yet seen across the American healthcare system.

The agencies recommended that hospitals, practices and public health organizations take “timely and reasonable precautions to protect their networks from these threats” which they said include targeting with Trickbot malware, “often leading to ransomware attacks, data theft, and the disruption of healthcare services” just as hospitals are also hard-pressed to respond to a third wave of the COVID-19 crisis.

The CISA, FBI and HHS agencies offered fundamental guidelines for how hospitals and healthcare organizations can harden their defenses to help protect against ransomware and other cyberattacks:

  • Patch operating systems, software and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix, due to having local administration disabled.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multifactor authentication where possible.
  • Disable unused remote access/Remote Desktop Protocol ports and monitor remote access/RDP logs.

In combination with the government agencies suggestions, DI is recommending that our customers follow our guidelines for the best practices in securing your Instrument Manager applications, as described in our Secure Configuration Guidance White Paper located within IM help.

Please let us know if you have any questions or concerns. As always, we are committed to ensuring your protection, and recommend the continued adherence to application configuration best practices.

More Tips & Tricks Articles

Tips & Tricks

How to Install Instrument Manager™ Core Software

NOTE These instructions apply for Data Innovations’ North American customers. If this is your first time installing IM, please contact Data...

Tips & Tricks

How to help Data Innovations help you when requesting Support

Data Innovations' Tips & Tricks are intended to promote the effective and productive use of Instrument Manager. Fortunately, Instrument Manager...

Tips & Tricks

Evaluation Rules for Clinical Ranges Precaution

When building an Autoverification Rule Set it's common to include evaluation rules for Clinical Ranges. These rules typically set test...

Tips & Tricks

Instrument Manager System Preventative Maintenance (volume 1)

Instrument Manager is a robust software application with a proven track record of operational stability. However, as with any software...

Tips & Tricks

Instrument Manager System Preventative Maintenance (volume 2)

This month's Tips & Tricks is the second installation of Preventative Maintenance recommendations intended to help you maintain a stable...

Tips & Tricks

Instrument Manager System Preventative Maintenance (volume 3)

Instrument Manager is a robust program that can run for long periods of time without issue. However, there are some...

Tips & Tricks

Network Installation of EP Evaluator®, Release 12.02

With the release of EP Evaluator 12, this Tips and Tricks will review the network installation/upgrade process.


Tips & Tricks

Day Light Savings Preparation

Data Innovations has changed the requirements around time changes for versions 8.07 and higher. After careful consideration we no longer require...

Ready to learn more?