Health sector and COVID-19 brings increased cyberattack risks

The official French health sector cybersecurity body (ACSS) and the digital health agency (ANS) issued an alert in mid March warning that the coronavirus is being exploited by cyberattackers.

The ACSS received alerts concerning pseudo Covid-19 information messages which are in reality computer viruses. "Cybercriminals are trying on a global level to exploit fear linked to the pandemic to infiltrate computer networks for companies and individuals alike". Typically threats emanate from "false e-mails from health authorities, fake internal company messages or fake delivery delay messages".

The ANS strongly encourages its members in healthcare to supervise any IT abnormalities, to ensure the smooth running of the backups and spread awareness of the risks currently faced. Almost half of all malicious incidents originate from an email or cryptovirus.

The ACSS receives on average 27 reported incidents per month. 88% of these are from public or private hospitals or clinics. 46% of all incidents have forced the establishment to run a degraded IT system for managing patient care.

Even more worrying, 5 incidents have even caused potentially life threatening issues for the patient. The current Covid-19 crisis is putting health sector IT systems at increased risk because any system under extreme tension is obviously more fragile.

***

Best Practices

Here are the 3 principal strategies - prevention, resistance, assurance- that you must not neglect when it comes to cyberattacks:

Prevent – detect and stop intrusions

Install and update anti-spam and anti-phishing tools
Update operating systems and business applications
Reset passwords regularly
Inform and train all workers on increased cybersecurity risks. Digital hygiene must be a top priority in all hospital and medical environments

Resist - prevent propagation

Ensure your anti-virus tools are up to date
Monitor unusual backup volumes (locked-down files can call cause backup activity peaks because the file names are often modified)
In the event of an attack, isolate the infected machine and ascertain which cryptovirus is the cause. Where possible, use tools to automatically or manually remove the virus and prevent propagation to other machines

Ensure continued activity – get your data back

Have a well configured backup solution. One which means your DRP (Disaster Recovery Plan) will work efficiently and rapidly. If one or more machine is infected, often the only solution is to restore a backed up image to a healthy prior state. You need to know that this image is securely stored and uncompromised by any cyberattack.

***

Atempo solutions

Atempo solutions are proud to bear the labels: "France Cybersecurity" and "Used by French Armed Forces". They are solutions that are called upon as a final rampart against a cyberattack. They allow you to restore user data, servers and workstations that are no longer functioning or accessible after a ransomware or crytpo-lockdown.

In the very sensitive domain of healthcare and medecine, Atempo has many references from satisfied customers who have been able to count on our know-how and our software to ensure business continuity following a cyberattack.

***

SOME ATEMPO HEALTH SECTOR CLIENTS

	"Following the recent massive cyberattack at the University Hospital in Rouen, Atempo solutions were key to our remediation efforts" - Sylvain François, DSI du CHU de Rouen
	"Tina enabled us to recover all our data following a Cryptolocker attack. It showed its strength with the time navigation module which allowed us to restore from just prior to the attack. We were able to limit our losses and rapidly restore millions of files for all our users" - Thierry Herrijgers, IT Infrastructure Manager, Angers University Hospital