CASE REPORT MSDIS CORNER
                THE THREAT OF MALWARE AND BAD ACTORS IS REAL AND GROWING
Health care practices, large and
small alike, may find it daunting to stay ahead of potential cyber attacks and protect themselves against the possibility of damage and loss. In September of 2020, 67 organizations reported to the U.S. Department of Health and Human Services (HHS) a collective total of 5,648,001 individuals being affected by data breaches. Some recent examples of cyber attacks include:
 The Johns Hopkins University (Baltimore, MD) School of Medicine’s COVID-19 infection rate map was laced with suspicious malware by bad actors exploiting human desire for information on the pandemic
 ChristianaCare (Newark, DE) hacking/IT incident
 MedStar Health (Columbia, MD) hacking/IT incident
 Deveraux Advanced Behavioral Health (Villanova, PA) hacking/IT incident
 Lehigh Valley Health Network (Allentown, PA) hacking/IT incident
 Mount Sinai Health System (New York City, NY) hacking/IT incident
 Mid-Delaware Imaging (Dover, DE) unauthorized access/disclosure
 Brandywine Counseling & Community Services (Wilmington, DE) unauthorized access/disclosure
 New Jersey Urology, LLC (Princeton, NJ) hacking/IT incident
 HHS suffered a cyber attack on its computer system in March
 Champaign-Urbana Public Health District (Illinois) ransomware attack
Threat actors are using the COVID-19 event and the remote workforce to gain a foothold for later exploitation against highly valued targets such as the health care sector.
Given that these types of attacks
will likely continue to increase, it is imperative for businesses to evaluate and address their exposure to cyber risk.
Consider the following areas of concern:
 Remember that malware software such as keyloggers are being hidden in emails, notifications, and social media posts, and may appear to be from trusted government agencies such as the World Health Organization (WHO) and Centers for Disease Control and Prevention (CDC).
 Watch out for fake domains for meeting and school applications such as Zoom, Google Classroom, and other trusted platforms.
 Expect to see additional phishing emails from hackers posing as delivery companies, online sellers, brokers, and investments firms.
 Are your employees and third- party services providers aware of the cyber risks that could impact your practice and are your employees trained?
 Are your third-party IT providers threat-aware and are all necessary protocols/updates in place?
There can be devastating results from the loss of personal information,
such as login credentials to financial institutions. At a minimum, it could lead to the theft of funds and fraudulent charges, damaged reputations, and even more.
FOLLOW MITIGATION BEST PRACTICES
 Do you have a current incident response plan? Do you test it biannually? Do you adjust your plan when the threat level changes?
 Exercise caution in handling
      Del Med J | November/December 2020 | Vol. 92 | No. 6
277