Nation-state attacks have been a daily threat for years. Even though news headlines are focused on Russia’s invasion of Ukraine, IT professionals know all too well that these threats are not new.

Cyber attacks from Russia, China, Iran, and North Korea have been ever-present threats in the last six years, if not longer.

While the predicted wave of attacks from Russian state-sponsored groups–and those sympathetic to their cause–has not yet come to pass, there is heightened concern for cybersecurity professionals, especially within the United States.

HealthIT Security’s analysis of the HHS Office for Civil Rights (OCR) data breach portal shows that over 6.8 million individuals have been impacted by the 132 breaches reported in the first three months of 2022.

As organizations have 60 days to declare incidents, these numbers are expected to rise, reinforcing the “not if but when” mindset of many cybersecurity professionals.

A cybersecurity attack originating from any threat group, whether it’s ransomware or distributed denial of service attacks, would have a significant impact on a health system, its patients, and its community.

Such incidents can leave systems inaccessible or non-functioning, directly inhibiting healthcare providers’ ability to treat patients or continue with normal business functions.

Healthcare cybersecurity response actions

Here are some response actions and resources to consider to strengthen your healthcare organization’s cybersecurity posture:

  • Recall and employ the fundamentals of cybersecurity
  • Consider DNS whitelisting. A more effective tactic than geofencing, this practice enables organizations to control access to their environments from known-good sources, because an attack can be routed through a geographic region that circumvents geofencing
  • Implement additional protections to the endpoint (workstation and server alike), such as reputable endpoint detection and response technologies
  • Review your incident response plan, test backups, and consider secondary and tertiary recovery measures
  • Perform an audit of your users and their access, especially to public-facing resources, applying the principle of least privilege
  • Collect and document emergency contact information so you know who to call for help when you need it

Industry organizations