Increased Cybersecurity Threats to Healthcare Providers
Updated: Oct 30, 2020
The US Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) have credible information of an increased and imminent threat to US hospitals and health care providers. The agencies believe that malicious cyber actors are targeting the health care sector with Trickbot malware, which is leading to ransomware attacks, data theft, and the disruption of health care services. The agencies have released a comprehensive joint alert, which is linked below along with other helpful resources.
The FBI believes the cyber actors may also be using the Conti ransomware, which is a successor to Ryuk. This variant, like others, leverages a system’s native software to remain hidden and gathers data as it moves through the system. In some cases, the cyber actors demand a ransom not only to return the data but also in exchange for agreeing not to expose it.
Joint Alert from CISA, FBI, and HHS: This alert details technical indicators of compromise about the Trickbot malware and associated ransomware, including Ryuk. The agencies also provide a table of known Ryuk attack techniques. Mitigation strategies and best practices are also listed.
DOH Advisory: This publication provides common indicators of phishing and general recommendations to help staff evaluate the security of emails. DOH also includes a flyer on “10 Ways to Protect Patients from Cyber Threats,” which can be used to educate staff.
On a CISA Health Care and Public Health Sector call today, the following immediate preparation and mitigation strategies were suggested:
Rehearse IT lockdown procedures
Back up clinical and operating data and consider using the 3-2-1 backup strategy
Expedite pending patching
Prepare to maintain operations in the absence of IT systems
In the next 24 hours, review and rehearse incident response procedures
Power down equipment that is not being used
Limit staff email usage
Prepare to re-route patients if necessary
Ensure adequate staffing, given the potential increase in administrative tasks
Know who to contact for help and, in the event of phone/email outages, how to contact them
Please contact the CHCANYS EM Team with any further questions.
CISA Alerts & more information (Cybersecurity and Infrastructure Security Agency) – October 29, 2020 – Alert AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector
HITEQ (HRSA-funded National Training and Technical Assistance Partner) – Ransomware Guidance Presentation for Health Centers
US CERT (Dept of Homeland Security’s Computer Emergency Readiness Team) – Ransomware: What It Is and What To Do About It