This weekend’s ransomware attack on Universal Health System (UHS) serves as an important reminder to Cooper employees that we are all responsible for helping prevent cyber-attacks against Cooper.
UHS is a U.S. and U.K.-based health care system. Multiple hospital systems within the UHS network suffered a ransomware breach. Employees reported they did not have access to any computer-based systems or phones. Affected hospitals in California, Florida, Texas, and Washington, DC, had to redirect ambulances to other locations and relocate patients requiring surgery to other hospitals.
How did the attack begin? Not with some big bang, but with a spark: a phishing email that at least one person opened and clicked on a link. That’s all it took for the hackers to gain their foothold—one PC. Once they had infected that one PC, they were able to look for and infect other devices on the network—the infection grew exponentially. It took only seconds for the network to become infected. The hackers were also able to use information gained from their reconnaissance to identify critical assets like the electronic medical record and human resources systems. When they were ready to begin the ransomware attack, they had all the information they needed to bring down a multi-country hospital system and steal patient and employee information.
Phishing attacks are the number one vector cyber-attackers use to begin their attacks. They are quick to exploit events like the COVID-19 pandemic, natural disasters, etc., to take advantage of your willingness to do what is right, your concern for others, or your fears. They will send emails saying they are from the World Health Organization with updates on COVID-19, from the Red Cross seeking donations for hurricane or forest fire relief, or from companies selling personal protective equipment. They design each email to trick you into clicking on a link that will then download an infection on your device.
In the past few months, Cooper’s IT Department has implemented improved email security technology; however, technology will not completely solve phishing. How can you help? Be vigilant when accessing your email. Don’t open emails from people you don’t know. If you do open the email, don’t click on any links in the email or open any attachments. When you are reading the email, if something doesn’t feel right, follow your instincts and delete the email. If it’s important, the sender will contact you again.
You can also help by using the “Cisco Email Reporting” tab in your email inbox to report email as spam or phishing. When you report an email as spam, the technology will look at that email and add it to a blacklist to stop the email from coming into other people’s inboxes. When you report an email as phishing, we investigate that email to determine if it is phishing. If it is, we remove the email from everyone’s inbox.
Finally, if you have clicked on a link or opened an attachment in an email that you believe is phishing, please contact the Help Desk immediately at 856.968.7166. Once reported, we can take steps to limit any harm to Cooper. Remember, it only takes seconds to infect other devices.
If you have any questions, please contact Cooper’s Information Assurance and Privacy Officer, Phil Curran, at 856.536.1317 or via email at privacyofficer@cooperhealth.edu.