Yesterday officials from the FBI, U.S. Department of Homeland Security, and Cybersecurity and Infrastructure Security Agency issued a joint alert that the agencies possessed “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert warns that Trickbot, a form of malware that has been in use since about 2016, has become a regular trojan for a strain of ransomware called Ryuk developed by an eponymously named group of cybercriminals, and that law enforcement believes "malicious cyber actors are targeting the [health care and public health] sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.” Reporting indicates that online communications between cybercriminals connected with Ryuk suggests that the ransomware could be deployed to hundreds of health care facilities throughout the U.S. as the nation continues to grapple with the COVID-19 pandemic.
Though the alert is aimed at the health care industry, it is worth noting that Trickbot and Ryuk have been used to attack numerous companies, including Nutter clients both inside and outside the health care industry.
In light of this alert, companies should immediately take timely and reasonable precautions to protect their networks from these and other cyber security threats including reviewing and updating their business continuity plans, evaluating the technical soundness of their security posture, and reiterating to their employees the importance of exercising skepticism and vigilance in spotting suspicious activity.