The FBI, HHS and Cybersecurity and Infrastructure Security Agency in the Department of Homeland Security published an update to their Oct. 28 joint statement on ransomware targeting healthcare providers. The statement warned of Trickbot, BazarLoader and other ransomware deployment techniques.
“Of note, some recent healthcare sector victims have experienced very short periods of time between initial compromise and activation — even under a few hours,” says the Nov. 16 statement. The agencies went on to advise healthcare providers implement additional protections and follow anti-ransomware best practices, such as:
- Conducting regular vulnerability scans
- Addressing vulnerabilities
- Using the 3-2-1 backup system, with three copies of data, two copies on different media and one copy offsite
“Based upon the accelerated attack cycle identified in this notice, it is recommended that organizational leaders incorporate in their incident response contingency plans a very short time to react to a compromise and make possible critical containment decisions, such as shutting down key IT services and networks,” said John Riggi, American Hospital Association senior advisor for cyber and risk in an AHA news report.
There have been several cyberattacks against hospitals and health systems since September, all leading to IT system shut downs. Those incidents can have a far-reaching effect on the organization. For example, Sky Lakes Medical Center in Klamath Falls, Ore., is replacing 2,000 computers and purchasing new servers due to the attack and University of Vermont Health Network in Burlington furloughed or reassigned about 300 employees who were unable to do their regular jobs during the outage.
More articles on cybersecurity:
10,000 COVID-19 test results mistakenly sent to wrong party, Delaware health agency says
Cyberattacks on healthcare providers expected to triple next year: Black Book report
How cyberattacks against hospitals could disrupt COVID-19 response
