- Ryuk ransomware poses a credible and imminent threat to the US healthcare industry, claims advisory from the FBI, CISA, and HHS.
- Hospitals told to harden their defences and ensure they have a mitigation strategy which can be deployed quickly.
US hospitals and healthcare providers have been warned that there is evidence of a credible and imminent threat that they will be targeted by ransomware.
In an alert jointly released by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS), the agencies reveal that they have “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.”
Specifically, the advisory, entitled “Ransomware Activity Targeting the Healthcare and Public Health Sector”, warns that malicious hackers are plotting to infect hospitals with the notorious Ryuk ransomware.
Such an attack, typically initiated with an infection by the Trickbot malware, could result in the theft of sensitive medical data and the disruption of healthcare services.
As security blogger Brian Krebs explains, the situation is complicated by the fact that the gang of criminals behind the Ryuk ransomware will often customise their attacks to specific targets – meaning there is little in the way of indicators of compromise (IoCs) that can be shared in advance across the healthcare industry.
And that must be a frightening thought for the hundreds of hospitals and healthcare organisations which could imminently be facing an attack that could even put patients’ lives at risk.
The administrators of medical organisations will have seen the impact wrought on Universal Health Services (UHS) last month, after a number of its hospitals across the United States were left without access to computers and phone systems following an aggressive Ryuk ransomware attack.
So, just what can hospitals and healthcare providers do about the threat?
The answer is to adopt a number of best practices for strengthening computer networks – including patching software, using unique and strong passwords, enabling multi-factor authentication, disabling unused remote access ports and monitoring logs, auditing user accounts with admin privileges, and ensuring that critical data is securely backed up offline.
In addition, end users need to be made aware of the threats, and trained in how ransomware attacks can be disguised. Staff should feel comfortable reporting suspicious activity, and reporting when they believe that they might have already been attacked, so that mitigation steps can be taken as quickly and efficiently as possible.
Much more detail on what can be done was given last month in an in-depth guide published by CISA, filled with good recommendations on how organisations can reduce the chances of becoming a victim of a ransomware attack, as well as a step-by-step checklist on how to respond if they are targeted.