Original Release Date: 10/29/2020
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released a Cybersecurity Advisory to provide the Healthcare and Public Health (HPH) Sector with information regarding an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. The agencies are warning healthcare providers to ensure they take timely and reasonable precautions to protect their networks from these threats.
The advisory details the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the HPH Sector to infect systems with Ryuk ransomware for financial gain. The agencies assess that threat actors are targeting the HPH Sector with TrickBot malware, which often leads to ransomware attacks, data theft, and disruption of operations and services. A cyber incident would be particularly challenging for organizations involved with COVID-19 relief and treatment, especially as the nation experiences increases in the number of infections.
The NJCCIC highly advises HPH Sector organizations to review the Cybersecurity Advisory, search their systems and network for the indicators of compromise (IOCs) provided within, and apply the recommendations and best practices to reduce their risk of a ransomware or other malware infection. These include exercising caution with emails (particularly those from unknown senders), refraining from enabling macros in email attachments, reducing or eliminating external-facing systems, having a comprehensive data backup plan that includes offline backups, and ensuring there is a ransomware continuity of operations plan (COOP) in place. Should a ransomware infection affect the HPH Sector in a particular region, diverting patients may not be a reasonable option, and a COOP is encouraged for this situation.