Federal Agencies Issue Joint Alert On Imminent Cybercrime Threat To Healthcare Providers

Jackson Lewis P.C.
Contact

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint cybersecurity advisory stating they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

The advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain. The advisory provides technical details on the threat from Ryuk ransomware and new Trickbot malware modules named Anchor. The anticipated threat posed by this malware and ransomware is using encryption to interfere with a hospital’s access to its systems and ability to provide care and holding a decryption key for ransom.

In addition to the technical details, the advisory identifies steps hospitals and healthcare providers should take to protect themselves from this cybercrime threat. Those steps include maintaining an up-to-date business continuity plan and other best practices.

Network Best Practices

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix due to local administration being disabled.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
  • Use multi-factor authentication (MFA) where possible.
  • Disable unused remote access or Remote Desktop Protocol (RDP) ports and monitor remote access or RDP logs.
  • Audit user accounts with administrative privileges and configure access controls with the least privilege necessary in mind.
  • Audit logs to ensure new accounts are legitimate.

Ransomware Best Practices

  • CISA, FBI, and HHS do not recommend paying ransoms. Further, the U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) recently issued an advisory alerting companies of the potential sanctions risk for facilitating ransomware payments.
  • Regularly back up data, air gap, and password-protect backup copies offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.

User Awareness Best Practices

  • Focus on awareness and training. Because end users are targeted, make employees and stakeholders aware of the threats (such as ransomware and phishing scams) and how they are delivered.
  • Provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
  • Ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack.

The advisory notes that addressing the risks posed by malware and ransomware attacks will be particularly challenging for hospitals and healthcare providers during the COVID-19 pandemic. Additional advice on avoiding and responding to an attack is available here. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Jackson Lewis P.C. | Attorney Advertising

Written by:

Jackson Lewis P.C.
Contact
more
less

Jackson Lewis P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.