Cyber Security will always be a work in progress. Even the most skilled, large-scale, well-resourced healthcare organizations must work every day to keep up with fast-evolving cyber threats. Unfortunately, cyber criminals are very often able to exploit human error. We will continue to train, test, and work promptly to eliminate or substantially reduce the risks associated with human error.
What is Island Hopping in Cyber Security?
Island Hopping is a new method that cyber criminals are using to target small and large healthcare organizations, and it puts healthcare vendors directly in the line of fire. Island Hopping involves attackers exploiting the weaknesses of healthcare vendors in order to move laterally to target healthcare organizations. Infiltrating a healthcare vendor gives cyber criminals access to a connected network, from which they can exploit the relationship between healthcare organizations and their vendors. This is done to gain access to the healthcare organizations' patient health information.
This particular attack gets its name from a World War 2 strategy adopted by the US in its island campaign against Japan. Forces gradually and strategically seized control of smaller islands outside of the mainland of the Axis power instead of tackling it head-on, a technique called 'leapfrogging' at the time.
As this type of attack becomes more frequent and more devastating, we know one of the first places to continue strengthening is employee Cyber Security Awareness Training. Many of our standard cyber security practices will continue to be effective as part of preventing island hopping.
When it comes to your passwords, two-factor authentication is a must, as is avoiding default, generic, or predictable passwords.
Back up your data to a location other than your computer, such as the cloud or on the network. This is Lone Star Communications' policy.
Don't forget about endpoints other than desktops and laptops. Our smartphones, tablets, and other IoT devices like printers and network-connected devices are all at risk, too.
Be aware of phishing schemes, and don't click on links from suspicious or unknown sources that may be trying to steal your personal information, like login credentials.
Similarly, to protect your data from malware, keep your software up to date, including your antivirus software.
Always be sure to have all your company-assigned devices that connect to our customers' network scanned and checked by the Technology Department on the scheduled days. This is also Lone Star Communications' policy.
-Brian Banks, Internal Information Security Officer