September 14, 2022

New Cybersecurity Alert Affects Senior Living

BY LeadingAge

Robust cybersecurity continues to be a critical need for aging services providers, buoyed by news of a recent attack in senior living and a federal alert.

 

The Karakurt ransomware group has targeted a senior living community in the past quarter and is believed to be tied to more than 16 attacks on healthcare providers, according to a recent article in McKnight’s Senior Living.

 

The attacks include email and phone harassment of staff, partners, and clients. The federal Health Sector Cybersecurity Coordination Center (HC3), part of the U.S. Department of Health and Human Services, has issued an alert.

 

Karakurt “gains access to files containing patient names, addresses, Social Security numbers, dates of birth, medical history information, medical diagnosis information, treatment information, medical record numbers and health insurance information,” says the HC3 report. “The threat actor then threatens to release the information unless a ransom is paid.” Karakurt may also present the victim with sample data to show that it has been stolen.

 

Karakurt is believed to gain access to victims’ devices by buying stolen login credentials and access to already compromised victims via third-party intrusion broker networks, says the alert.

Preventing Cyber Attacks

The HC3 alert presents common intrusion vulnerabilities and technical information about how the group carries out attacks, which could be helpful in safeguarding an organization’s system.

LeadingAge CAST Cybersecurity Resources

For more information on how to protect your organization, use the LeadingAge CAST Cybersecurity Resources. You will learn how to recognize threats, mitigate risk, and respond to an attack. The resource includes a white paper, case studies, and a benchmarking questionnaire.

 

If you are using voice technology, please check out “Opportunities, and Risks, with New Smart Voice Technology in Senior Living.” For information on how a life plan community managed HIPAA compliance and cybersecurity mitigation, see the CAST case study, “Managing HIPAA Compliance and Cyber Security Through Partnership” or review the summary.