Indian Healthcare security is being targeted by North Korean hackers.
North Korean government-backed hackers may expand their activities, and the US Federal Bureau of Investigation (FBI) and other law enforcement organizations have issued a warning intended to prevent a recurrence of last year's attacks. They have also recommended that healthcare organizations improve their security. Intelligence officials say the targeting by North Korean hackers impacted the operations of various health service companies. In several cases, operations were reportedly delayed for a long period. In an updated advisory released on Wednesday to thwart potential attacks by North Korean hackers, the FBI, the Department of the Treasury, and the US Cybersecurity and Infrastructure Security Agency (CISA) recommended that hospitals strengthen their system security.
According to the intelligence agencies' account of the events of a year ago, North Korea disrupted hospital operations by using ransomware to encrypt computer systems containing electronic health records, diagnostics, and imaging services. The FBI, CISA, and Treasury all strongly advise against paying ransoms, since doing so does not ensure that information and documents will be retrieved and may pose sanctions risks, according to a statement issued on July 6. The new alert specifically urges U.S. organizations to implement and enhance cybersecurity procedures, report ransomware attacks to law enforcement, and cooperate fully with them. According to the new guidance, parties that adopt these proactive measures would be more likely to have apparent sanctions breaches involving ransomware attacks resolved by the Treasury's Office of Foreign Assets Control (OFAC).
The advisory also gives guidance on how the healthcare industry should defend against ransomware attacks:
- Update programs, firmware, and software as soon as updates are made available.
- Timely patching is one of the most effective and economical steps an organization can take to reduce its exposure to cybersecurity risks.
- Prioritize fixing known exploited vulnerabilities, and check regularly for software updates and end-of-life announcements.
- Secure and closely monitor any potentially risky services you use, such as Remote Desktop Protocol (RDP).
- Restrict RDP access and use virtual desktop infrastructure to further limit access to resources over internal networks.
- Log RDP login attempts, review remote access/RDP logs, enforce account lockouts after a set number of attempts to stop brute-force attacks, and disable unused remote access/RDP ports.
- Examine the security measures used by your organization's partners and third-party providers. Make sure that all connections between third-party providers and external hardware or software are monitored for suspicious activity.
- Require administrator access to install software.
- Audit user accounts with elevated or administrative privileges, and configure access controls with least privilege in mind.
- On all hosts, install and keep up-to-date antivirus and antimalware software.
- Avoid utilizing public Wi-Fi networks and only connect to secure networks. Think about setting up and using a VPN.
- Consider adding a banner to emails received from outside your organization.
- Disable hyperlinks in received emails.
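As an added illustration of the RDP logging and lockout item above (not part of the advisory or the original article), this Python example flags source addresses that produce a burst of failed remote logons and records any successful logon that follows. The log layout, the threshold and the time window are assumptions, and the sample events are constructed.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export of Windows Security events (not real data). Assumed columns:
# time, event ID (4625 = failed logon, 4624 = successful logon), logon type, source IP, account
SAMPLE_LOG = """\
2022-07-06T02:10:00,4625,10,203.0.113.7,administrator
2022-07-06T02:10:20,4625,10,203.0.113.7,administrator
2022-07-06T02:10:41,4625,3,203.0.113.7,admin
2022-07-06T02:11:05,4625,3,203.0.113.7,nurse1
2022-07-06T02:11:30,4625,10,203.0.113.7,nurse1
2022-07-06T02:12:02,4624,10,203.0.113.7,nurse1
2022-07-06T08:00:00,4625,10,198.51.100.20,drlee
2022-07-06T08:00:30,4624,10,198.51.100.20,drlee
2022-07-06T09:00:00,4625,10,192.0.2.50,kiosk
2022-07-06T10:00:00,4625,10,192.0.2.50,kiosk
2022-07-06T11:00:00,4625,10,192.0.2.50,kiosk
2022-07-06T12:00:00,4625,10,192.0.2.50,kiosk
2022-07-06T13:00:00,4625,10,192.0.2.50,kiosk
2022-07-06T13:05:00,4625,2,192.0.2.50,kiosk
"""

# Logon type 10 is RemoteInteractive (RDP); with Network Level Authentication
# a failed RDP logon is usually recorded as type 3 (Network), so both are counted.
REMOTE_LOGON_TYPES = {"3", "10"}

def find_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: {"accounts": set, "success_after": [accounts]}} for sources
    with >= threshold failed remote logons inside the window (events sorted by time)."""
    recent = defaultdict(deque)   # source IP -> timestamps of recent failures
    tried = defaultdict(set)      # source IP -> accounts it failed against
    alerts = {}
    for ts, event_id, logon_type, src, account in csv.reader(log_text.splitlines()):
        if logon_type not in REMOTE_LOGON_TYPES:
            continue              # console and service logons are out of scope
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            failures = recent[src]
            failures.append(when)
            tried[src].add(account)
            while when - failures[0] > window:
                failures.popleft()          # drop failures older than the window
            if len(failures) >= threshold:
                alerts.setdefault(src, {"accounts": tried[src], "success_after": []})
        elif event_id == "4624" and src in alerts:
            # A success right after a burst of failures needs immediate review.
            alerts[src]["success_after"].append(account)
    return alerts
```

Setting the detection threshold at or below the account lockout threshold means a source that spreads guesses across several accounts is still flagged even when no single account locks out.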
FBI Director Christopher Wray asserted in June that Boston Children's Hospital had been the victim of a "despicable" cyberattack the year before, supported by Iranian government hackers; Tehran denied this assertion. Although ransomware was not used in that case, Iranian hackers were the subject of a later US warning in November about ransomware in the healthcare sector. Healthcare facilities have struggled with disruptive ransomware attacks throughout the pandemic as a result of understaffing caused by Covid-19. The IT manager of a 100-bed Florida hospital told CNN in January that he had to shut down the organization's computer systems to prevent a ransomware attack from infecting the whole facility.
Russian-speaking cybercriminals launched a wave of ransomware attacks against US hospitals in the autumn of 2020, including one alleged ransomware incident that prompted the University of Vermont to postpone chemotherapy treatments in October of that year. In their alert on Wednesday, the US agencies did not identify the suspected victims of the alleged North Korean hackers.
The Health Information Sharing and Analysis Center, a global organization for large health care providers that shares information about cyber threats, did not name any of its members as victims, according to Errol Weiss, the organization's chief security officer.
North Korea has for years defied expectations of a technologically backward nation by developing a strong hacking force. In 2017, the US government charged Pyongyang with creating the so-called WannaCry ransomware, which infected more than 200,000 computers across 150 nations. Britain's National Health Service alone spent more than $100 million as a result of the event.
According to John Hultquist, vice president of intelligence analysis at cybersecurity company Mandiant, North Korea is distinct from its counterparts in that it engages in cybercrime on a broad and active scale. “Unlike other nations, which may negotiate and contract with local criminals, the North Korean government directly commits cybercrime against targets throughout the world.”