  • Alex Lipovtsev

Increased Cybersecurity Threats to Healthcare Providers

Updated: Oct 30, 2020

The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have credible information of an increased and imminent threat to US hospitals and health care providers. The agencies believe that malicious cyber actors are targeting the health care sector with Trickbot malware, which is leading to ransomware attacks, data theft, and the disruption of health care services. The agencies have released a comprehensive joint alert, which is linked below with other helpful links. The FBI believes the cyber actors may also be using the Conti ransomware, which is a successor to Ryuk. This variant, like others, leverages a system’s native software to remain hidden and gathers data as it moves through the system. In some cases, the cyber actors demand a ransom not only to return the data, but also in exchange for agreeing not to expose it.

  • Joint Alert from CISA, FBI, and HHS: This alert details technical indicators of compromise about the Trickbot malware and associated ransomware, including Ryuk. The agencies also provide a table of known Ryuk attack techniques. Mitigation strategies and best practices are also listed. 

  • DOH Advisory: This publication provides common indicators of phishing and general recommendations to help staff evaluate the security of emails. DOH also includes a flyer on “10 Ways to Protect Patients from Cyber Threats,” which can be used to educate staff. 

  • On a CISA Health Care and Public Health Sector call today, the following immediate preparation and mitigation strategies were suggested:

      • Rehearse IT lockdown procedures

      • Back up clinical and operating data and consider using the 3-2-1 backup strategy

      • Expedite pending patching

      • Prepare to maintain operations in the absence of IT systems

      • In the next 24 hours, review and rehearse incident response procedures

      • Power down equipment that is not being used

      • Limit staff email usage

      • Prepare to re-route patients if necessary

      • Ensure adequate staffing, given the potential increase in administrative tasks

      • Know who to contact for help and, in the event of phone/email outages, how to contact them

Please contact the CHCANYS EM Team with any further questions.


Additional Resources:
