
Cybersecurity Guidance for High-Risk Nonprofits on the Heels of the Latest Healthcare Breach

May 22, 2024 DRI Admin

With healthcare providers like Ascension hindered by cyberattacks, the Cybersecurity and Infrastructure Security Agency (CISA) offers guidance for these at-risk organizations.

In early May, Ascension, a major U.S. healthcare network, was hit by a ransomware attack that impacted hospitals across 19 states. This forced the organization to revert to “downtime procedures” – meaning paper records and other backup processes – to continue care. Patients were asked to bring printed notes on symptoms from previous visit summaries – and lists of current medications, including bottles with prescription numbers if available.

Weeks later, care at Ascension has routinely taken longer than usual or been delayed entirely, as the organization continues to struggle to return its systems to normal. Though its main services are back up and running, questions remain about how much protected patient data has been breached, resulting in the filing of three class action lawsuits.

Though this attack was severe, attacks like it have unfortunately become increasingly common, as healthcare and other large nonprofit organizations have become favored targets of cybercriminals. In 2023, a record-setting 725 large security breaches in healthcare were reported, beating the previous year’s 720.

To help combat this trend, CISA has released new guidance for high-risk nonprofits and other community organizations that may not have the resources they need. Among the recommendations in “Mitigating Cyber Threats With Limited Resources: Guidance For Civil Society”:

  • Keep software updated on user devices and IT infrastructure
  • Implement phishing-resistant multifactor authentication
  • Audit accounts and disable unused/unnecessary accounts
  • Exercise due diligence when selecting vendors, including cloud service providers and managed service providers
  • Implement basic cybersecurity training
  • Develop and exercise incident response and recovery plans

DRI International is a valuable resource to help high-risk organizations secure sensitive data and maintain continuity of care during critical emergencies. Learn more about upcoming courses in Cyber Resilience and Healthcare Continuity.
