Hospitals and health systems should be on the lookout for data "time bombs" that could cause patient information to be destroyed by hackers, the American Hospital Association warned.
Ransomware gangs have been attacking victims twice within close proximity and using data deletion tools that lie dormant during which time the groups can negotiate for more ransom, the FBI said in a Sept. 27 notice.
"Foreign cyber adversaries continue to evolve their tactics in a way to increase likelihood of ransom payments," said John Riggi, AHA's national advisor for cybersecurity and risk, in a Sept. 29 news release. "The combination of multiple ransomware attacks on the same vulnerable victim organization and the use of a 'ticking' data destruction 'time bomb' speaks to the sinister mindset of these cyber thugs."
Hospitals and health systems should maintain multiple offline copies of "highly secure, encrypted and immutable backups," Mr. Riggi said.
"Immutable backups are essential to prevent encryption, deletion or alteration of data during a ransomware attack and will help facilitate restoration of data and networks without payment of a ransom," he said.