Risk Alert: Ransomware Activity Targeting the Healthcare and Public Health Sector


[vc_row][vc_column][vc_column_text]The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a Joint Cybersecurity Advisory on October 28, 2020 related to credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

Key Findings in this advisory:

  • Malicious cyber actors are targeting Healthcare and the Healthcare Public Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruptions of healthcare services.
  • These issues will be particularly challenging for organizations with the COVID-19 pandemic: therefore, administrators will need to balance this risk when determining their cybersecurity investments.

Mitigations Recommendations:

Regulatory Compliance

  • SEC/FINRA/NFA/CFTC registrants are required to have Business Continuity, Disaster Recovery, and Incident Response plans that are intended to address ransomware events. Review these plans to ensure they are both technical with respect to data recovery and operationally actionable to confirm they have been tested.

Network Best Practices

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multi-factor authentication where possible.
  • Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.

Ransomware Best Practices

CISA, FBI and HHS do not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities. In addition to implementing the above network best practices, the FBI, CISA and HHS also recommend the following:

  • Regularly back up data, air gap, and password protect backup copies offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.

User Awareness Best Practices

  • Focus on awareness and training. Because end users are targeted, make employees and stakeholders aware of the threats—such as ransomware and phishing scams—and how they are delivered.
  • Additionally, provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
  • Ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.

While there is no single way to prevent being targeted, BW Cyber Services can help you develop a comprehensive cyber compliance security program to prevent and respond to future attacks which affect your operations.  For more information on how BW Cyber Services can assist you, please contact us at info@bwcyberservices.com.

For more information on Alert AA20-302A – click here[/vc_column_text][/vc_column][/vc_row]