RALEIGH, N.C. (WNCN) — As the U.S. deals with a surge in COVID-19 cases, the FBI warns hackers are now targeting U.S. hospitals and healthcare providers with ransomware attacks.
In a letter, the FBI and other federal agencies warned of an “imminent cybercrime threat” to hospitals across the country.
“People everywhere should be concerned about this,” said Jon Sternstein, a cybersecurity expert and founder of Stern Security.
Sternstein tells CBS 17 it only takes one employee to click on a bad link that could spread and shut down the entire hospital system.
That could potentially mean hospital staff may not be able to admit new patients, perform certain procedures, or monitor vital signs on machines that rely on the network.
Sternstein explained, “The hospital wouldn’t be able to register patients, to the physicians logging in to the electronic health record for the patients. They wouldn’t be able to do that because the systems are unusable.”
He added, “This has happened actually recently at other hospitals that had to actually turn away patients.”
CBS 17 reached out to Duke Health, UNC Health, and WakeMed. A spokesman for UNC Health responded with this statement:
UNC Health is aware of an increased threat of cybercrime attacks on hospitals and health systems nationwide. Our information technology and cybersecurity experts employ a wide range of tools and procedures every day to protect our systems. We are reminding all co-workers to be vigilant for suspicious emails and anything else unusual; and will work closely with state and federal law enforcement and others to ensure all of our IT infrastructures remains safe and secure.UNC Health spokesperson
Sternstein says most hospitals have back-up systems, but adds sometimes they don’t work.
He explained, “We’ve seen many organizations say they have backups, but once they actually run into an incident, they try to recover from that and they realize that their backups are corrupt or maybe their backups don’t cover everything they should have covered.”
Whether it’s your work or personal email account, never click on attachments, downloads, or links that may seem odd.