Health Care Organizations Should Be on Guard Against Heightened Ransomware Threats

Chambliss, Bahner & Stophel, P.C.

Chambliss, Bahner & Stophel, P.C.

This week the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released a Joint Cybersecurity Advisory warning of current ransomware activity targeting the health care and public health sectors. The advisory states that the agencies have credible information concerning increased and imminent cybercrime threats to U.S. hospitals and other health care providers. This advisory comes amidst numerous recent news reports regarding an ongoing spike in ransomware attacks against health care organizations. 

These ransomware attacks often begin with “loader” malware, such as Trickbot and BazarLoader (or BazarBackdoor), which is deployed via e-mail phishing campaigns that contain malicious links or attachments. When staff at health care organizations click on such links or open e-mail attachments, the malware is then used to infect victim networks and subsequently deploy ransomware, including the malware known as Ryuk. For this reason, we recommend that health care organizations distribute internal communications to place their staff on high alert and provide guidance to assist staff in identifying and appropriately handling phishing and other nefarious e-mails. This is something all health care organizations should do regularly, but it is particularly important at present. Issues to consider addressing in such alerts include the following:

  • Watching out for vague or unusual subject lines and e-mail messages
  • Hovering (without clicking) over links to see the actual URL (text labels can be modified to trick staff into believing a link is valid)
  • Double-checking the spelling and accuracy of domain names and links
  • Not clicking links or opening attachments in unexpected e-mails without first obtaining assistance from IT staff
  • Picking up the telephone to verify e-mails with senders
  • Contacting IT staff if there is any doubt about e-mails, links, or attachments
  • Immediately alerting IT staff after mistakenly clicking on a link or opening an attachment that may be malicious
  • Alerting IT when receiving suspicious e-mails so that they can alert others within the organization

We also strongly recommend that health care organizations review the recent advisory, which contains a number of technical details on the ongoing ransomware threat, as well as recommendations for ransomware preparedness and mitigation, including business continuity planning and network best practices. Health care organizations should carefully consider such recommendations and ensure they are taking steps to effectively manage cyber risks and also meet HIPAA and other legal requirements that relate to privacy, security, and data breaches. That includes having an effective plan in place to appropriately respond to cyber events when they occur, enable continued business operations, and avoid strategic missteps that can hamper an organization’s ability to recover.

The initial steps that an organization takes when experiencing a cyberattack are critically important. 

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Chambliss, Bahner & Stophel, P.C. | Attorney Advertising

Written by:

Chambliss, Bahner & Stophel, P.C.

Chambliss, Bahner & Stophel, P.C. on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide

This website uses cookies to improve user experience, track anonymous site usage, store authorization tokens and permit sharing on social media networks. By continuing to browse this website you accept the use of cookies. Click here to read more about how we use cookies.