This week, it was reported that cyber-attacks were targeting water and wastewater systems throughout the US. The U.S. EPA has set up a task force to assist at risk facilities, as many do not even have basic cyber security protections. Worse still, many municipalities and water utilities struggle to find funding to improve the security of their systems, and overwhelmingly, their systems are severely obsolete and vulnerable. This is yet another reminder that whether a network is part of a water utility, or a hospital system, no one is safe from cyber-attacks and outdated systems continue to be targeted and exploited.

The cyberattacks reported at water utilities are considered “probing” attacks. Where no damage is done, but the hackers now know that they can get in and do damage if they want to. The recent attacks did little more than display inappropriate messages on screens, but they could have done more. Such as disrupting the PLC systems used to operate pumps, filtering equipment, and valves. Essentially, if a hacker group wanted to, they could use a ransomware virus to cripple or even disable a municipality’s water supply. Wiping these viruses off an infected network is a long and expensive process that requires a team of highly skilled professionals. This goes for healthcare facilities affected by cyberattacks as well; they frequently pay the attackers because it is faster than rebuilding their network.

Any qualified IT professional will tell you that strong firewalls, intrusion detection, and segmented networks are key to preventing these types of attacks. The truth is that this is only half of the equation, and these types of attacks are very hard to stop because of the human element involved in computing. All the firewalls in the world won’t protect you if an employee receives what looks like a friendly email, from a trusted colleague, opens it behind the safety of the firewall on the network, and the email is actually a disguised virus that then infects everything. These attacks are called “phishing attacks”, a play on the word “fishing” where hackers attempt to “fish” for victims using personal or known information about the victim. We have had this happen at our Case Medical offices, where employees have reported emails that seemingly come from our CEO with instructions to either download an attachment or to purchase gift cards for a “surprise party”. These emails were obvious phishing attempts to either get money, or gain access to our network.

In your mind, picture all of the employees at your facility that have access to a computer. Any one of them can, at any moment, fall victim to a sophisticated phishing attack that will potentially infect your network with ransomware. Employee training is key to help hedge against this, but there is another solution: the cloud. Cloudifying your systems makes them resilient because it detaches them from your local network which can fall victim to a cyber-attack. CaseTrak360 is fully cloud based and does not live on your local network at all. This means that should the worst happen, and your local network is infected by a cyber-attack, CaseTrak360 will not be affected. The attackers won’t even be able to see it. You will be able to continue working, processing cases, and running procedures, like nothing happened. With your operating room still running, your facility can still make use of it’s profit center, and can still operate effectively. Schedule a demo with us to learn more.