State of Emergency: How Minnesota hospitals, state officials prepare for cyber attacks
MINNEAPOLIS — The State of Minnesota stores and protects data on some six million residents, and that's only one cache of sensitive information under the close watch of Minnesota IT Services (MNIT).
"It's everything from highways and highway traffic control systems, we run the zoo. We run everything in between," John Israel, chief information security officer at MNIT, explained to WCCO Investigates. "If there's any large internet outage — you've probably experienced that at home, what happens when you lose access to web — imagine that on a large scale basis."
Those worst-case scenarios threaten all kinds of critical infrastructure, from highways to hospitals to communications to finance. State lawmakers recently earmarked an extra $32 million to MNIT's budget specifically to bolster cyber defenses.
MNIT last year also rolled out the first statewide cybersecurity plan, which covers more than 3,000 government entities.
"I'll say I think we're doing a lot of the right things," Israel added. "Many of the cyber attacks — hackers are using compromised machines they're stealing from people in day to day businesses."
State officials reported more than 1,000 security incidents last year, hitting schools, universities, and government offices. Hospitals and health clinics have also been on the defensive.
MORE: Are Minnesota agencies better prepared for civil unrest?
Yan Kravchenko, director of core technology and information security at Hennepin Healthcare, said his team manages more than 50,000 devices.
"Quite literally every aspect of health care at this point has some technology component to it, which is to say nothing of all the medical devices that we rely on every single day," he added. "An attacker has to be right once, but someone responsible for defending our systems we have to be right 100% of the time. We have to always be prepared. It never stops."
Kravchenko's team — and budget — have also grown, but he echoed state officials in imploring everyone to strengthen their own cyber security at home.
"The hardest part about this is as damaging as these attacks are, the reality is 90% of them are easily preventable," Kravchanko lamented. "In security we have a saying that the biggest security vulnerability is somewhere between the keyboard and the chair."
Federal cyber officials also offer these four critical steps everyone can take to protect themselves online:
- Protect your computer by using security software. Set the software to update automatically so it can deal with any new security threats.
- Protect your mobile phone by setting software to update automatically. These updates could give you critical protection against security threats.
- Protect your accounts by using multi-factor authentication. Some accounts offer extra security by requiring two or more credentials to log in to your account. This is called multi-factor authentication. The additional credentials you need to log in to your account fall into two categories: Something you have — like a passcode you get via an authentication app or a security key. The other category is something you are — like a scan of your fingerprint, your retina, or your face. Multi-factor authentication makes it harder for scammers to log in to your accounts if they do get your username and password.
- Protect your data by backing it up. Back up your data and make sure those backups aren't connected to your home network. You can copy your computer files to an external hard drive or cloud storage. Back up the data on your phone, too.
