December 4, 2020

Volume X, Number 339

Advertisement

December 03, 2020

Subscribe to Latest Legal News and Analysis

December 02, 2020

Subscribe to Latest Legal News and Analysis

December 01, 2020

Subscribe to Latest Legal News and Analysis

Federal Agencies Issue Joint Alert on Imminent Cybercrime Threat to Healthcare Providers

The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) have issued a joint cybersecurity advisory stating they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.

The advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain. The advisory provides technical details on the threat from Ryuk ransomware and new Trickbot malware modules named Anchor. The anticipated threat posed by this malware and ransomware is using encryption to interfere with a hospital’s access to its systems and ability to provide care and holding a decryption key for ransom.

In addition to the technical details, the advisory identifies steps hospitals and healthcare providers should take to protect themselves from this cybercrime threat. Those steps include maintaining an up-to-date business continuity plan and other best practices.

Network Best Practices

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.

  • Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix due to local administration being disabled.

  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.

  • Use multi-factor authentication (MFA) where possible.

  • Disable unused remote access or Remote Desktop Protocol (RDP) ports and monitor remote access or RDP logs.

  • Audit user accounts with administrative privileges and configure access controls with the least privilege necessary in mind.

  • Audit logs to ensure new accounts are legitimate.

Ransomware Best Practices

  • CISA, FBI, and HHS do not recommend paying ransoms.

  • Regularly back up data, air gap, and password-protect backup copies offline.

  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.

User Awareness Best Practices

  • Focus on awareness and training. Because end users are targeted, make employees and stakeholders aware of the threats (such as ransomware and phishing scams) and how they are delivered.

  • Provide users training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.

  • Ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack.

The advisory notes that addressing the risks posed by malware and ransomware attacks will be particularly challenging for hospitals and healthcare providers during the COVID-19 pandemic. 

Jackson Lewis P.C. © 2020National Law Review, Volume X, Number 303
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Michael Bertoncini, Jackson Lewis, labor relations attorney, employment litigation lawyer, NLRB proceedings counsel, arbitration law
Principal

Michael R. Bertoncini is a Principal in the Boston, Massachusetts, office of Jackson Lewis P.C. He practices labor and employment law, with a particular emphasis on labor relations, and employment law counseling and litigation.

In labor relations matters, he regularly counsels clients on the practice of positive employee relations, negotiates collective bargaining agreements on behalf of organized clients, represents clients in labor arbitrations and National Labor Relations Board proceedings, and counsels clients with...

617-367-0025
Jason C. Gavejian, Employment Attorney, Jackson Lewis, Principal, Restrictive Covenants Lawyer
Principal

Jason C. Gavejian is a Principal in the Morristown, New Jersey, office of Jackson Lewis P.C. and a Certified Information Privacy Professional (CIPP/US) with the International Association of Privacy Professionals.

Mr. Gavejian represents management exclusively in all aspects of employment litigation, including restrictive covenants, class-actions, harassment, retaliation, discrimination and wage and hour claims in both federal and state courts. Additionally, Mr. Gavejian regularly appears before administrative agencies,...

(973) 538-6890
Advertisement
Advertisement