
FBI Agent: Call the Cyber Command Center When Attack Happens


BOSTON — The FBI’s Bill McDermott engaged attendees Tuesday morning at the HIMSS 2022 Cybersecurity Forum with a passionate overview of cybersecurity vulnerabilities specific to the healthcare industry and how the FBI can help.

“What if I pick up the phone and call you and I say it’s Bill McDermott from the FBI? You’ll hang up,” he said, which was met with laughter.

“What are the most dangerous words you’ve ever heard? ‘I’m from the government and I’m here to help.’ But now you know who I really am.”

The FBI has prevented cyberattacks, such as when a Nebraska hospital detected malware on a server and the agency stepped in to help isolate that software and prevent patient data from being compromised.

Top Cyber Threats to Healthcare Organizations

Most of the threats McDermott looked at — business email compromises and ransomware, to name two — were typically carried out by phishing and online fraud.

“It’s human error; that’s where the risk comes from,” he said.

With personal information, breaches are easier to correct, he said, adding that protected health information opens the door to blackmail and extortion.

With a business email breach, the average loss is $80,000. For comparison, a successful bank robbery brings in an average of $3,816.

That strategy, says McDermott, provides the “biggest return for money.” The bad guys set up email forwarding to get the information they want, and it is easy to implement. They will set up free WiFi in a public place like a coffee shop and log in to their email accounts via mobile phones.

“If it’s new to you it may not be new to us.”

FBI Special Agent William McDermott

BECs can lead to money being diverted away from the healthcare sector. The bad guy will impersonate a supplier via email and request payment, which an unsuspecting company representative may end up paying into a bank account controlled by the bad guy.

Last month, the Justice Department announced the first coordinated action, which the FBI helped investigate, against individuals who used business email compromise and money laundering schemes to target healthcare payers. The robust roster of investigative agencies uncovered $11.1 million transferred to 10 individuals.

When ransomware hits, however, it is “the worst day ever,” McDermott admitted.

One of the first things bad guys will do with their malware, he said, is look up an organization’s cyber insurance policy to find the coverage amount. They can then initiate data transactions before the lockdown occurs, and when the ransom demand arrives, it will be for the amount listed in the organization’s coverage.

But when ransomware hits, an organization’s online response determines when and who reaches it.

“You have to have a guidebook – do what the manual does. We want to be informed,” he said.

Responding to Threats and Misconceptions

McDermott said each FBI field office has subject matter expertise in specific variations, and your case may be investigated by a field office in another state.

“Our role in the event and how we can help: if it’s new to you it may not be new to us,” he said, and the agency may have the decryption key, which can be provided to you over the phone.

There are thousands of variations, but when a healthcare organization can go deep and focus on one event or direction of attack, it’s easier for the FBI to help, he added.

The biggest misconception organizations have, he said, is how the FBI will deploy to a cybercrime scene. The movies depict it in a dramatic way, but the response is more likely to be a phone call.

“We definitely don’t show up in the FBI raincoat because that would make the victim victimized,” he said.

He also said that organizations can sometimes be hesitant to report because they don’t want information out, but the FBI will not victimize an organization that calls after a cyber attack, and it won’t publish it either.

The second misconception is that if an organization lets the FBI in, they will start looking for another breach.

“Those people, they’re there because you’re the victim of a crime. We’re not going to make you a victim again,” McDermott said.

He also encourages network reporting and employee engagement. With internal risks, which are part of an organization’s online response handbook, organizations must monitor anomalies in employee behavior.

CISA is a great resource, as is the FBI’s InfraGard program, he said. CyWatch also provides a distribution list with useful information.

While you can call the FBI and they will always answer the phone, the response will be very real, McDermott said.

“You won’t get the warm hug you would get if you called me,” he said, encouraging attendees to email him.

Andrea Fox is the senior editor of Healthcare IT News.

Healthcare IT News is a publication of HIMSS.
