Cybersecurity Alert (AA20-302A)

Ransomware Activity Targeting the Healthcare and Public Health Sector

Alarming reports of cybercriminals targeting the healthcare sector with ransomware have caused widespread concern among healthcare providers. In a joint cybersecurity alert, the Federal Bureau of Investigation (FBI), the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) warned, “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The recent threats have once again stressed the need for more robust cybersecurity measures.

Various tools and techniques are being used to lure victims into unwittingly revealing protected health information (PHI). Clinicians and employees in the healthcare sector must stay vigilant. Cybercriminals are reportedly using phishing emails that look legitimate to lure victims, then holding their data or systems hostage until a ransom is paid to a bitcoin wallet. The emails include links to websites that host the malware, which may also be sent as an email attachment.

Cybersecurity Alert Recommendations

Basic Cybersecurity Alert Suggestions

  • Update systems, software and firmware as soon as patches are released by manufacturers.
  • Change passwords to networks and accounts regularly and avoid reusing passwords.
  • Look out for phishing emails from cybercriminals that may look legit.
  • Create a cyber-incident response plan to ensure continuity of service.
  • Identify critical assets such as medical records, telehealth and telework infrastructure, and create offline backups.
  • Maintain offline backups and test them regularly.
  • Configure antivirus solutions to do regular scans and download new software updates.
  • Make sure you know who to contact in the case of a suspected cyberattack.

Business Continuity Plan

CISA, FBI, and HHS encourage healthcare providers to minimize service interruptions by implementing business continuity plans, which aim to maintain essential functions through emergencies.

Note that in the case of a ransomware attack, paying the ransom does not guarantee getting your systems or data back. CISA, FBI, and HHS do not recommend paying the ransom. To prevent this potentially catastrophic event from happening, start implementing precautionary measures. For technical details and guidance, visit this link.

Other Cybersecurity Alert Considerations

  • Separate sensitive data from email servers by using a dedicated or separate server.
  • Configure antivirus solutions to do regular scans and download new software updates.
  • Inspect accounts with administrative privileges and limit their access whenever possible.
  • Focus on employee awareness to prevent them from falling prey to cyberattacks.