New Jersey Issues Best Practices For Healthcare Industry To Combat COVID-19 Cyberattacks

Fox Rothschild LLP
Contact

Fox Rothschild LLP

The New Jersey Cybersecurity and Communications Integration Cell (NJCCIC) issued an advisory to hospitals and other healthcare organizations that cybercriminals are targeting them with phishing campaigns, ransomware, and other malicious acts referencing COVID-19.  Cybercriminals are exploiting the fact that the healthcare sector is consumed with COVID-19 management and response to ramp up attacks, including ransomware attacks in the hundreds of thousands to millions of dollars.

NJCCIC recommends the following best practices for users and administrators of healthcare organizations to lower cybersecurity risks:

• “Reinforce security awareness principles and cybersecurity best practices for password security, email and Internet use, and incident reporting.
• Ensure all default passwords are changed to strong passwords for all devices and systems.
• Enable multi-factor authentication as technically and operationally feasible.
• Harden systems and devices by disabling all unnecessary ports, protocols, and services, limiting functionality to only what is required.
• Maintain all hardware and software at the latest vendor-supported security patch levels.
• Deploy anti-malware software on all endpoints capable of running anti-malware software.
• Apply the principle of least privilege, limiting access to the minimal level users require to carry out their duties and responsibilities.
• Implement network segmentation, keeping IoT devices separate from other critical systems and networks.
• Continuously monitor all system, network, application, and user activity for suspicious or anomalous behavior.
• Establish a comprehensive business continuity program that includes a data backup plan in which multiple copies of backups are stored off the network and in a separate and secure location.”

Finally, NJCCIC encourages the healthcare industry to contact them to report cyber security incidents by using their cyber incident report form.

[View source.]

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Fox Rothschild LLP | Attorney Advertising

Written by:

Fox Rothschild LLP
Contact
more
less

Fox Rothschild LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.