Back to top

Recent Ransomware Targeting the Healthcare and Public Health Sector

Greg Manson

On October 28th, the US Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services and the FBI released a statement saying there is "credible information of an increased and imminent cybercrime threat" to U.S. hospitals and health care providers.

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” the advisory stated. “CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”

Key findings of the report states that malicious cyber actors are targeting the HPH Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services. The advisory claims that these issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.

They are urging institutions to take necessary precautions to protect their networks. In the advisory, the agencies offered advice for healthcare facilities to guard against ransomware.

  • Regularly back up data, air gap, and password protect backup copies offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts. Use multi-factor authentication where possible.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind. Review logs to ensure new accounts are legitimate.
  • Focus on awareness and training. Because end users are targeted, make employees and stakeholders aware of the threat, such as ransomware and phishing scam, and how they are delivered. Additionally, provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
  • Ensure that employees know whom to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.

Beyond health care facilities, the FBI says ransomware attacks have been on the rise for several years against hospitals, school districts, state and local governments and even law enforcement.

It is important to understand that breaches and attacks are inevitable, criminals are always finding new ways to break in. If you don't feel like your organization is where it needs to be from a security standpoint, then it's time for a serious conversation. The Logically team is available to answer any questions you may have.