The Cybersecurity and Infrastructure Security Agency (CISA), FBI and the U.S. Department of Homeland Security warned this week of an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”
The crime in question involves a form of ransomware that a Russian cybercriminal gang known as UNC1878 plans to deploy in order to steal data from and disrupt the information technology systems of hundreds of hospitals, clinics and medical care facilities around the U.S., according to the agencies, which say the alert is based on “credible information” they received.
“CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats,” said CISA in an alert issued this week.
Independent security experts assert the attack has already hit at least five U.S. hospitals this week and could potentially impact hundreds more, reported the Associated Press.
The ransomware is called Ryuk. It encrypts data, leaving it unreadable until it is unlocked with software keys that are provided once the ransom has been paid. It is spread through a network of zombie computers called Trickbot, which both Microsoft and U.S. Cyber Command have reportedly tried to counter through legal processes, according to Reuters.
The timing of the attack coincides with the U.S. presidential election, raising concerns about election interference. No signs of this, however, have been reported. In addition, a total of 59 U.S. healthcare systems were hit by ransomware in 2020, disrupting patient care at up to 510 facilities, reports the AP.
To help providers protect against Ryuk, CISA, FBI and HHS have issued sets of network, ransomware and user awareness best practices, as well as recommended mitigation measures, ranging from patching operating systems and disabling remote access to regularly backing up data and password-protecting backup copies offline.
“The healthcare services have an outdated approach to security awareness, education and training. With this industry adopting new and emerging technologies, the requirement to educate and train the entire workforce on a range of cyber risks and threats is urgent,” said Daniel Norman, senior solutions analyst at the Information Security Forum, in a statement. “Basic cyber hygiene standards need to be met, covering patching and updates, network segmentation, network monitoring and hardening, especially for technologies such as AI, robotics and IoT devices.”