Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

CISA Ransomware Practices

Client Alert
October 29, 2020

On October 28, 2020, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning of imminent threats to US hospitals and healthcare providers. The specific threat involves RYUK Ransomware attacks. RYUK is a novel ransomware that goes undetected by commercial anti-virus/malware detection programs. Once deployed, RYUK encrypts all data and disables systems. In short, it cripples all functionality down to phone systems and automated doors. Healthcare providers should alert their employees to remain hyper-vigilant and report any suspicious activity seen in email or on networks. It has been reported healthcare providers in New York, Pennsylvania and Oregon have been targeted in the last 48 hours. If your organization encounters issues, BMD can assist in mobilizing a response team and has contacts with forensic IT firms that are familiar with RYUK. It is advisable to engage professionals with experience dealing with this specific threat.

 

A few practical tips:

Ransomware Best Practices

CISA, FBI and HHS do not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. In addition to implementing the above network best practices, the FBI, CISA and HHS also recommend the following:

  • Regularly back up data, air gap, and password protect backup copies offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.

User Awareness Best Practices:

  • Focus on awareness and training. Because end users are targeted, make employees and stakeholders aware of the threats—such as ransomware and phishing scams—and how they are delivered. Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
  • Ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.

Network Best Practices:

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multi-factor authentication where possible.
  • Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
  • Implement application and remote access allow listing to only allow systems to execute programs known and permitted by the established security policy.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
  • Audit logs to ensure new accounts are legitimate.
  • Scan for open or listening ports and mediate those that are not needed.
  • Identify critical assets such as patient database servers, medical records and telehealth and telework infrastructure; create backups of these systems and house the backups offline from the network.
  • Implement network segmentation. Sensitive data should not reside on the same server and network segment as the email environment.
  • Set antivirus and anti-malware solutions to automatically update; conduct regular scans.

The full CISA alert can be viewed at: https://us-cert.cisa.gov/ncas/alerts/aa20-302a

CybersecurityRansomwareinfrastructureUser SecurityUser Awarenessbest practicesRYUKCISA
Client Alert

Telehealth Flexibility Updates: HIPAA, DEA, and CMS

May 12, 2023The Covid-19 Public Health Emergency (PHE) officially ended on May 11, 2023. But what does that mean for telehealth, a field that expanded exponentially during the PHE? Fortunately, many of the flexibilities will remain intact, at least temporarily. This client alert presents a brief overview of the timelines that providers need to follow, but for a more comprehensive review of telehealth flexibilities and when they will endClient Alert, Multimedia

WEBINAR SERIES RECAP | Ending the Public Health Emergency + Post-Pandemic Check-Up

May 10, 2023Some may take the position that the rest of the country already returned to a new “normal” following the COVID-19 pandemic.  But healthcare providers continue to implement COVID protocols and navigate the ever-changing healthcare regulations at both the federal and state levels.  It is important for healthcare providers to take time for a “Healthcare Check-Up” with the start of 2023 and the ending of the Public Health Emergency (“PHE”).Client Alert

Sharp Rise in False Claims Act Cases - Navigating the FCA Waters

May 5, 2023Recently, on April 18, 2023, the United States Supreme Court heard arguments regarding the FCA’s scienter, or mental state, requirement. To prove violation of the FCA, the statute requires that a defendant “knowingly” file false claims for payment. The term “knowingly” is defined within the statute to mean a person that acts with actual knowledge, deliberate ignorance, or reckless disregard. Circuit courts are split on how to interpret and apply the knowledge element of the FCA, and based on the Supreme Court’s decision, there will be a large impact on healthcare defendants and their businesses as well as anyone who contracts with, or receives money from, a federal program. A broader interpretation of the FCA would unnecessarily target and stifle healthcare, and other businesses, for simple errors in daily operations. This goes against the intended application of the FCA, which was to prevent fraudulent activity.Client Alert

Areas of Opportunity in Columbus: Highlights from the Columbus Opportunity Summit

May 5, 2023On April 27, 2023 Columbus Business First held its annual Columbus Opportunity Summit, bringing together business and economic development leaders to provide an update on how Central Ohio is preparing for expected growth in the coming years, an issue heightened by the arrival of Intel at its 1,000 acre site in Licking County, just outside of Columbus. The site will be home to two new chip factories with room to grow to a total of eight factories and is a $20 Billion investment.Client Alert

BREAKING: Biden Administration Has Officially Ended the Two Remaining COVID Vaccine Mandates

May 2, 2023As of May 1, 2023, the Biden Administration has officially ended the two remaining COVID vaccine mandates: (1) the Federal Contractor Mandate, and (2) the CMS Healthcare Provider Vaccine Mandate.
Older posts