FBI: Hospitals and Healthcare Providers Face Imminent Ransomware Threat

Published 11 November 2020
Source: TechRepublic

The healthcare services have an outdated approach to security awareness, education, and training…

Daniel Norman, Senior Solutions Analyst at the ISF

As the coronavirus started to spread earlier this year, a few ransomware gangs promised to leave hospitals and healthcare facilities alone so they could focus on battling the pandemic. So much for those promises. In fact, the healthcare industry continues to be a prime target for ransomware, so much so that the FBI and two other government agencies are now warning this sector of impending attacks using the infamous Ryuk ransomware.

In a joint advisory published Wednesday, the FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) said they have credible information of an increased and imminent threat to U.S. hospitals and healthcare providers.

Specifically, cybercriminals are targeting the Healthcare and Public Health sector (HPH) with Trickbot malware in an attempt to carry out ransomware attacks, steal data, and disrupt healthcare services. Security experts report that this latest attack has already hit at least four hospitals and could affect hundreds more.

Cybercriminals will typically steal credentials using commercial products such as Cobalt Strike and PowerShell Empire. From there, they scope out the network to get the lay of the land, often using built-in operating system commands such as net view, net computers, and ping to find mapped network drives, domain controllers, and Active Directory installations.

Hospitals and healthcare providers have also lagged behind traditional businesses in adopting the latest and most advanced security technologies.

“The healthcare services have an outdated approach to security awareness, education, and training,” Daniel Norman, senior solutions analyst at the Information Security Forum, told TechRepublic. “The safety and well-being of patients has historically been the top priority, so this mindset needs to translate into the security of systems and devices that will underpin the lives of many. Basic cyber hygiene standards need to be met, covering patching and updates, network segmentation, network monitoring, and hardening, especially for technologies such as (artificial intelligence) AI, robotics, and (Internet of Things) IoT devices.”