Security News

Fresenius, Europe's largest private hospital operator and a major provider of dialysis products and services that are in such high demand thanks to the COVID-19 pandemic, has been hit in a ransomware cyber attack on its technology systems. Based in Germany, the Fresenius Group includes four independent businesses: Fresenius Medical Care, a leading provider of care to those suffering from kidney failure; Fresenius Helios, Europe's largest private hospital operator; Fresenius Kabi, which supplies pharmaceutical drugs and medical devices; and Fresenius Vamed, which manages healthcare facilities.

In addition to the attack on the hospital in the Czech Republic, she cited a number of healthcare cyber incidents in France, Spain and Thailand, adding that there needs to be more collaboration worldwide on protecting critical health infrastructure in times of crisis. Ransomware attacks on healthcare providers rose 350% in the fourth quarter of 2019, and Emsisoft research shows that more than 759 healthcare providers were hit with ransomware last year.

US Secretary of State Mike Pompeo said Saturday he was concerned by 'malicious' cyber attacks that have targeted Czech hospitals battling the novel coronavirus. "As the world battles the COVID-19 pandemic, malicious cyber activity that impairs the ability of hospitals and healthcare systems to deliver critical services could have deadly results," Pompeo said.

Microsoft is offering hospitals security tips to try to help. Though some ransomware groups have actually pledged to leave hospitals alone during the COVID-19 outbreak, other groups are clearly exploiting the situation.

Here are steps hospital IT admins can take to prevent ransomware and safeguard patient data. Health agencies, and medical facilities can be particularly exposed to ransomware as they hold sensitive research information and patient data that they can't afford to lose.

Hospital CIOs also can take steps to collaborate with healthcare providers and strengthen the technical infrastructure of their facilities. Chou recommended preparing the contact center since they are the first line of contact for appointment scheduling for patients.

The process of constructing a holistic policy-based identity management solution can be difficult and overly complex, especially in the sensitive hospital environment with myriad identities. An integrated identity ecosystem provides a unified view across both cyber and physical security system; improving the overall hospital experience.

The EU Agency for Cybersecurity published a cybersecurity procurement guide for hospitals. The Procurement Guidelines for Cybersecurity in Hospitals published by the Agency is designed to support the healthcare sector in taking informative decisions on cybersecurity when purchasing new hospital assets.

Almost half of connected hospital devices are still exposed to the wormable BlueKeep Windows flaw nearly a year after it was announced, according to a report released this week. The proportion of Windows devices connected to a network that are vulnerable is far higher, at 45%, it adds.

A lawsuit seeking class action status has been filed against a New Jersey healthcare organization in the wake of a ransomware attack last December in which the entity paid attackers a ransom to unlock its systems. Because of the ransomware attack, patients had their medical care and treatment disrupted, the complaint alleges.