Critical Ransomware Threat to Public Hospital/Health Systems

On October 29, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a critical Cybersecurity Advisory to the Healthcare and Public Health (HPH) sectors. The advisory describes the tactics, techniques, and procedures used by cybercriminals to attack targets and infect systems with the Ryuk ransomware for financial gain. The advisory cites credible information about an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers, warning providers and related covered entities to ensure they take timely and reasonable precautions to mitigate these attacks to the extent possible.

Key findings of the report include:

• CISA, FBI, and HHS assess malicious cyber actors are targeting the HPH Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services; and
• These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.

Immediate actions that can be taken to prepare:

• Assess backup and restoration plan and capabilities.
• Verify a clean backup of critical data is available offline.
• Map and inventory critical assets.
• Ensure strong credentials and multifactor authentication is implemented for critical services and systems, especially backup tools.
• Restrict access to third party tools and email services that are not explicitly approved by IT/management (Gmail/google drive, dropbox, etc.).

The full text of the advisory can be accessed at https://us-cert.cisa.gov/ncas/alerts/aa20-302a.

Marcum Technology’s Cybersecurity & Digital Forensics team is able to provide a comprehensive suite of cybersecurity solutions that can help your organization effectively plan, protect, and respond to this and other similar threats.