Healthcare held hostage

What businesses should know about the recent spate of cyberattacks against hospitals

By Cody McAlester
November 4, 2020 (4 min read)

Healthcare organizations should plan ahead for a cyberattack instead of trying to react to one when it occurs, BOK Financial's® top information security officer said.

The New York Times recently reported that hundreds of American hospitals are under fire from Russian hackers.

These cyberattacks, commonly known as ransomware, are a modern-day version of digital extortion. The perpetrators typically evade cybersecurity tools by blending in with legitimate network traffic.

Paul Tucker, BOK Financial's chief information security officer, cited a ransomware called Ryuk as one of the most prominent security threats for all industries, especially healthcare.

The attacks are becoming increasingly sophisticated and highly targeted, advancing from merely encrypting an organization's data to exfiltrating it, that is, copying, transferring or retrieving that data. That is a scary proposition for any business, and U.S. healthcare providers are particularly vulnerable today as coronavirus cases continue to escalate across the country.

"We are advising our clients to take proactive, rather than reactive, steps," Tucker said. To plan ahead, he offered these tips for before, during and after an attack:

Before a ransomware attack

  • Perform a risk assessment of your company's exposure to a ransomware attack.
  • Ensure proper awareness about ransomware and the techniques that are used to trick your employees with phishing attacks.
  • Develop a resiliency strategy that prevents ransomware from encrypting your backups. Maintain offline, protected backups of data.
  • Segment core areas of the network to protect your high-value assets.
  • Develop an incident response plan to minimize the damage.
  • Minimize the attack surface. Don't allow users to have administrative rights on their computers, utilize multi-factor authentication, deploy strong endpoint detection and response capabilities, and change passwords on a frequent basis.
  • Patch operating systems and applications against vulnerabilities.
  • Inspect and protect all incoming and outgoing emails.
  • Explore cyber insurance options.

During a ransomware attack

  • Initiate your crisis management plan.
  • Notify the proper authorities of the extortion attempt, i.e., the local FBI office or the Internet Crime Complaint Center. Note: They will not help with the remediation or extraction of the ransomware.
  • Identify the data backups that need to be restored for the encrypted files. Make sure they are not also encrypted.
  • Contact a forensics company for assistance.
  • Isolate infected systems to save others.
  • Check insurance policies.
  • Consult legal advisors on the ransomware payment considerations. Law enforcement recommends not paying, as you may not get your files back.

If your organization is a victim of ransomware, you may want to use the Ransomware Response Checklist located in CISA and MS-ISAC's Joint Ransomware Guide, which contains steps for detection and analysis as well as containment and eradication.

After a ransomware attack

  • Identify if any data privacy issues exist.
  • Develop an after-action report of the incident activities.
  • Enhance the plans to mitigate gaps around the company's protections.
  • Continue to collect forensic data from the attack.

"While these steps aren't comprehensive, they will go a long way to securing your company's and your clients' data," added Tucker. "Remember, an ounce of prevention is worth a pound of cure. That is especially true when it comes to cybersecurity."

