The FBI, along with the HHS and another government agency, have issued a warning to healthcare organizations stating that they have, “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The ransomware threat warning is discussed.
FBI Ransomware Threat Warning
Ransomware attacks have become more prevalent as of late with hackers exploiting the coronavirus pandemic in several ways. First it was hackers impersonating the CDC and WHO by sending out fake COVID tracking maps. Then it was hackers targeting remote workers by impersonating popular companies such as Microsoft. Now, the FBI is warning healthcare organizations about a new ransomware threat.
This ransomware threat, known as Ryuk, has been spreading rapidly, alluding law enforcement officials who had believed that they had stopped the threat. The ransomware threat maliciously encrypts and steals data, often leaving victims crippled. Hackers then demand ransom in exchange for the return of the files. It has been reported that five hospitals have already fallen victim to a Ryuk attack, just in the past week.
“We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.
Recommendations on How to Mitigate the Ransomware Threat
The FBI and the HHS have provided recommendations on how healthcare organizations can mitigate the chances of falling victim to the ransomware threat.
This includes:
- Implementing a security management process, which includes conducting a risk analysis to identify threats and vulnerabilities to electronic protected health information (ePHI) and implementing security measures to mitigate or remediate those identified risks;
- Implementing procedures to guard against and detect malicious software;
- Training users on malicious software protection so they can assist in detecting malicious software and know how to report such detections; and
- Implementing access controls to limit access to ePHI to only those persons or software programs requiring access.
How to Detect A Ransomware Threat
There are some key indicators that your organization may have fallen victim to a ransomware attack.
The HHS has cited the following key indicators of a ransomware threat:
- A user’s realization that a link that was clicked on, a file attachment opened, or a website visited may have been malicious in nature;
- An increase in activity in the central processing unit (CPU) of a computer and disk activity for no apparent reason (due to the ransomware searching for, encrypting and removing data files);
- An inability to access certain files as the ransomware encrypts, deletes and re-names and/or relocates data; and
- Detection of suspicious network communications between the ransomware and the attackers’ command and control server(s) (this would most likely be detected by IT personnel via an intrusion detection or similar solution).
For more information about protecting your organization against ransomware threats, please reference the HHS factsheet.
