FBI advisory: Ransomware activity targeting health care and public health sectors
The Federal Bureau of Investigation (FBI) and two other federal agencies are warning of an imminent cybercrime threat to U.S. health care providers, noting that several hospitals across the country have already been hit. In a joint advisory, the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and the U.S. Department of Health and Human Services (HHS) said they have credible information that cybercriminals are taking aim at health care providers and public health agencies amid the COVID-19 pandemic using Ryuk ransomware for financial gain. Physician practices, hospitals, and public health organizations are advised to take precautions to protect their networks from such threats.
The agencies recommend several mitigation steps and best practices that health care entities should take to reduce their risk, including:
- Patch operating systems, software, and firmware as soon as manufacturers release updates.
- Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
- Use multi-factor authentication where possible.
- Disallow use of personal email accounts.
- Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs.
- Identify critical assets and create backups of these systems and house the backups offline from the network.
- Set antivirus and anti-malware solutions to automatically update and conduct regular scans.
The American Medical Association and the American Hospital Association have issued a resource to help physicians and hospitals guard against cyber threats. Additional cyber security information and resources are available here.
• • •