The reminder comes amid an increase in cyberattacks, especially ransomware attacks, against organizations that work with sensitive or critical information. This includes covered entities that must maintain HIPAA compliance and demonstrate due diligence when safeguarding protected health information (PHI).
Threat actors typically intensify cyberattacks during the holidays, so this CISA alert provides specific techniques that organizations can use during these periods.
CISA recommends that organizations continue to care for their cyber health “during the upcoming holiday season—a time during which offices are often closed, and employees are home with their friends and families.”
CISA states that there is no specific threat. But the agency does point out that several serious cyberattacks in 2021 occurred during a holiday weekend. These include the ransomware attack on Colonial Pipeline over Mother’s Day weekend as well as the Kaseya VSA “ransomware tsunami” over Independence Day weekend.
Such cyberattacks cause much disruption and chaos; some researchers even call the current uptick in attacks a ransomware epidemic. And for healthcare providers, seen as juicy targets by cyberattackers, the costs of such attacks are distressing.
This is why CISA and the FBI urge organizations “to examine their current cybersecurity posture and implement best practices and mitigations to manage the risk posed by cyber threats.”
The agencies then list several techniques hackers utilize to cause data breaches including phishing, website spoofing, and unencrypted transactions. Finally, the statement provides a directive should an organization become a victim: review and update incident and business recovery plans. And these plans must include a set of actions or steps to take after a breach as well as a list of contacts to reach out to.
This reminder should prompt organizations to always remain attentive.
In general, a strong, consistent cybersecurity program must use layers of protection including CISA’s recommendations above. Organizations must keep up-to-date policies and procedures, including recovery and backup plans so that everyone knows what to do. But access controls may need to go beyond MFA and password security with privileged access management.
Finally, while employee training is a critical step, it is not enough on its own. Other security procedures to consider include separate/offline backups, patched and updated legacy systems, encryption at rest and in transit, and antivirus software. And, given the nature of most ransomware attacks, email security (i.e., HIPAA compliant email) belongs on that list.
Email is the most accessible threat vector (or entry point) into any system, which is why email security is vital. Employing HIPAA compliant email with strong inbound and outbound email security is crucial to safeguarding PHI.
Paubox Email Suite Plus protects email from threats like phishing and domain name spoofing. In fact, our HITRUST CSF certified solution comes with Zero Trust Email, which adds a layer of verification even before an email gets delivered. Paubox Email Suite Plus requires no change in email behavior and is operational from any existing email platform (e.g., Microsoft 365 and Google Workspace).
This means complete peace of mind since any possible back door is kept locked and safe. Ultimately, organizations must find their own combination of cybersecurity methods, but that does not excuse them from staying attentive. Cyberattacks can halt an organization’s operations and cause a ripple effect of problems throughout. This is why vigilance is always necessary, even during a holiday.