AMA, feds warn health care sector of ‘imminent cybercrime threat’
The Federal Bureau of Investigation (FBI) and the U.S. Department of Health and Human Services (HHS) have warned U.S. hospitals and health care providers of an "imminent cybercrime threat,” noting that several hospitals across the country had already been hit, the AMA said in an email to members Oct. 30.

According to the AMA, the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and HHS issued an advisory saying they had "credible information" that cybercriminals are taking new aim at health care providers and public health agencies as the COVID-19 pandemic reaches new heights. In addition, "malicious cyber actors" may soon be planning to "infect systems with Ryuk ransomware for financial gain" on a scale not yet seen across the American health care system. Hospitals, physician practices, and public health organizations should take "timely and reasonable precautions to protect their networks from these threats," the advisory said, adding that malware targeting techniques often lead to ransomware attacks, data theft and the disruption of health care services.

The agencies recommend several mitigation steps and best practices for health care entities to take to reduce their risk, including the following:
  • Patch operating systems, software, and firmware as soon as manufacturers release updates. 
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multi-factor authentication where possible.
  • Disallow use of personal email accounts
  • Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
  • Identify critical assets; create backups of these systems and house the backups offline from the network.
  • Set antivirus and anti-malware solutions to update automatically; conduct regular scans.

The AMA and the American Hospital Association have created a resource called Technology Considerations for the Rest of 2020, available here
Additional AMA resources for guarding against cybersecurity threats can be found here.