Question: What should our organization be doing right now to make sure we’re not the next Colonial pipeline? South Dakota Subscriber Answer: The Colonial Pipeline ransomware fallout has caused the feds to issue an advisory covering all industries that concern critical infrastructures — and that includes healthcare. The Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) have issued a Joint Cybersecurity Advisory in the wake of the takedown. The agencies impel all critical infrastructure entities “to adopt a heightened state of awareness and implement the recommendations listed in the Mitigations section of this Joint Cybersecurity Advisory,” according to the brief.
The FBI and CISA offer several tips and federal links to assist organizations with their mitigation efforts. Tools are available for health IT staff, but there are also helpful ideas for all workers in every industry such as utilizing multifactor authentication, being aware of phishing emails, and following through on software updates in a timely manner. Review the advice at https://us-cert.cisa.gov/ncas/current-activity/2021/05/11/joint-cisa-fbi-cybersecurity-advisory-darkside-ransomware.