May 31, 2020

May 30, 2020

Subscribe to Latest Legal News and Analysis

May 29, 2020

Subscribe to Latest Legal News and Analysis

May 28, 2020

Subscribe to Latest Legal News and Analysis

Microsoft Issues Cybersecurity Risk Warning and Offers Help to Hospitals During COVID-19 Crisis

On April 1, 2020, Microsoft issued a specific warning to health care entities alerting them that they are at particular risk during the COVID-19 crisis, as threat actors are using the pandemic to take advantage of vulnerabilities while hospitals are focused on responding to the crisis.

According to Microsoft “[D]uring this time of crisis, as organizations have moved to a remote workforce, ransomware operators have found a practical target: network devices like gateway and virtual private network (VPN) appliances. Unfortunately, one sector that’s particularly exposed to these attacks is healthcare.”

Microsoft’s scanning resources previously identified dozens of health care organizations that were at risk, notified them and provided them with resources addressing how to reduce the risk of a ransomware attack or credential theft during this time.

According to Microsoft “[A]s part of intensified monitoring and takedown of threats that exploit the COVID-19 crisis, Microsoft has been putting an emphasis on protecting critical services, especially hospitals. Now more than ever, hospitals need protecting from attacks that can prevent access to critical systems, cause downtime, or steal sensitive information.”

Microsoft advises that ransomware is a particular threat to hospitals at this time, and that a successful ransomware attack could create chaos if providers are unable to access electronic medical records of patients while treating them, especially in intensive care units. The Microsoft warning noted that “the attackers behind the REvil ransomware are actively scanning the internet for vulnerable systems. Attackers have also been observed using the updater features of VPN clients to deploy malware payloads.”

Microsoft’s alert sets forth important details of what hospital information technology personnel should be looking for and focusing on to minimize this critical risk. Microsoft’s suggestions can be accessed here.

Copyright © 2020 Robinson & Cole LLP. All rights reserved.

TRENDING LEGAL ANALYSIS


About this Author

Linn F. Freedman, Robinson Cole Law Firm, Cybersecurity and Litigation Law Attorney, Providence
Partner

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She provides guidance on data privacy and cybersecurity compliance to a full range of public and private clients across all industries, such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine, and charitable organizations. Linn is a member of the firm's Business Litigation Group and chairs its Data Privacy + Cybersecurity Team. She is also a member of the Financial Services Cyber-Compliance Team (CyFi ...

401-709-3353