The federal government alerted healthcare providers this week about what it described as the “increasing and imminent” cyber crime threat to US hospitals, urging medical systems to take appropriate precautions to protect their networks from ransomware attacks.
A report published Wednesday by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) says the agencies have credible information indicating a looming cyber attack threat to healthcare providers involving Trickbot and Ryuk malware.
The report’s release comes roughly a month after one of the country’s largest hospital systems experienced a widespread malware attack that caused the company to shut down all of its information technology systems.
Responding to what is possibly the largest cyber attack in the US, Universal Health Services (UHS), which operates hundreds of hospital locations in the United States, said it implemented extensive IT protocols and was working diligently with security partners in response to the attack.
UHS confirmed in mid-October its network of companies and hospitals was back online, noting there was no indication that patient or employee data had been breached during the attack.
“When the network is offline, patient care is provided safely and effectively at our facilities across the country using an established backup process, including the offline documentation method,” the company said.
According to federal government cybersecurity reports, malicious cybercriminals target the medical sector with Trickbot malware, often leading to “ransomware attacks, data theft and disruption of healthcare services,” as seen in the UHS case.
Federal agencies say that dealing with this problem is expected to be very challenging given the coronavirus pandemic, so hospital administrators and other healthcare organizations need to balance risks when determining their cybersecurity investment.
Since 2016, the agencies noted, the cybercriminals behind the Trickbot malware have continued to develop new tools that improve “the ease, speed and profitability of victimization”, giving hackers a “complete set of tools” to carry out a wide range of illegal cyber activities.
“These activities include credential retrieval, mail exfiltration, cryptomining, point-of-sale data exfiltration and distribution of ransomware, such as Ryuk,” said CISA, FBI and HHS in their report.
Individuals using Ryuk ransomware will typically use commercial computer products to steal credentials, according to the report.
Ryuk was first seen in August 2018 and is responsible for many cyber attacks globally. It is a targeted ransomware in which demands are set according to the victim’s perceived ability to pay, the UK’s National Cyber Security Centre said in an advisory.
“Ryuk ransomware is often not observed until a period of time after the initial infection – from days to months – which allows the perpetrator to have time to perform surveillance within the infected network, identify and target critical network systems and therefore maximize the impact of the attack,” said the advisory.
In an effort to reduce the risk of hospital ransomware, the FBI has issued the following guidelines.
Networking best practices
- Patch the operating system, software, and firmware as soon as the manufacturer releases an update.
- Check the configuration of every operating system version to prevent problems that users cannot fix because administration is disabled.
- Regularly change passwords for network systems and accounts, and avoid reusing passwords across different accounts. Also use multi-factor authentication whenever possible.
Ransomware best practices
- CISA, FBI and HHS do not recommend paying ransoms. Such payments do not guarantee that files will be recovered and can instead embolden adversaries to target additional organizations, encouraging other criminals to engage in the same practice.
- Back up and protect data regularly, and make sure there are backup copies available offline.
- Set up a recovery plan to maintain and store multiple copies of sensitive data and servers in a physically separate and secure location.
User awareness best practices
- Focus on awareness and training, educating employees and stakeholders about ransomware threats and phishing scams.
- Provide training on information security principles and techniques and emerging cybersecurity risks and vulnerabilities in general.
- Make sure employees know who to contact when they see suspicious activity or when they believe they have been the victim of a cyber attack. Doing so will ensure that mitigation strategies can be deployed quickly and efficiently.
More information on mitigating ransomware threats can be found on the CISA website.