Microsoft Issues Cybersecurity Risk Warning and Offers Help to Hospitals During COVID-19 Crisis

Robinson+Cole Data Privacy + Security Insider
Contact

On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk during the COVID-19 crisis, as threat actors are using the pandemic to take advantage of vulnerabilities while hospitals are focused on responding to the crisis.

According to Microsoft “[D]uring this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare.”

Microsoft’s scanning resources previously identified dozens of health care organizations that were at risk, notified them and provided them with resources addressing how to reduce the risk of a ransomware attack or credential theft during this time.

According to Microsoft “[A]s part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.”

Microsoft advises that ransomware is a particular threat to hospitals at this time, and that a successful ransomware attack could create chaos if providers are unable to access electronic medical records of patients while treating them, especially in intensive care units. The Microsoft warning noted that “the attackers behind the REvil ransomware are actively scanning the internet for vulnerable systems. Attackers have also been observed using the updater features of VPN clients to deploy malware payloads.”

Microsoft’s alert sets forth important details of what hospital information technology personnel should be looking for and focusing on to minimize this critical risk. Microsoft’s suggestions can be accessed here.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Robinson+Cole Data Privacy + Security Insider | Attorney Advertising

Written by:

Robinson+Cole Data Privacy + Security Insider
Contact
more
less

Robinson+Cole Data Privacy + Security Insider on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.