March 8, 2021

Volume XI, Number 67


March 05, 2021


Multiple Federal Agencies Jointly Warn of Increased and Imminent Cybercrime Threat to U.S. Hospitals and Healthcare Providers

On October 28, 2020, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) issued a Joint Cybersecurity Advisory warning of “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The agencies collectively warned that “malicious cyber actors are targeting the Healthcare and Public Health (HPH) Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.”

This advisory provides detailed information about Trickbot malware, including indicators of compromise. Specifically, the advisory includes information about the tactics, techniques and procedures used by cybercriminals to infect systems with “Ryuk” ransomware, which frequently has been deployed in connection with nefarious Trojans like Trickbot.

The HPH Sector has long been a prominent and high-value target for malicious cyber attackers. However, in 2020, ransomware attacks against HPH companies have increased both in frequency and severity – with unfortunate results, including, in at least one case, the death of a patient.

The advisory encourages HPH Sector companies to review and update their business continuity plans so that they will be able to continue to execute essential functions in the event of a cyberattack emergency. HPH System administrators who see indicators of a Trickbot network compromise are advised to immediately “take steps to back up and secure sensitive or proprietary data” because of the risk of an “imminent ransomware attack.”

The advisory also lists a number of best practices to minimize damage and disruptions from cyberattacks, including:

  • Routinely patch operating systems, software and firmware

  • Check operating system configurations to optimize the ability to respond to cyberattacks at both a system-wide and local level

  • Change network passwords regularly

  • Use multi-factor authentication

  • Disable unused remote access ports and monitor remote access logs

  • Implement rules to only allow systems to execute programs known and permitted by established security policies

  • Regularly audit user accounts with administrative privileges

  • Review logs to ensure the legitimacy of new accounts

  • Scan for open or listening ports

  • Identify critical assets and create offline backups of these systems

  • Implement network segmentation

  • Update antivirus and anti-malware software

The Joint Advisory is the latest reminder of the ongoing cyberattack threat faced by companies in the HPH Sector. All companies – especially those in the HPH Sector – should carefully review the Joint Advisory and ensure that they are aware of the threat and that they are complying with the recommended best practices and mitigation measures detailed therein.

© 2020 Faegre Drinker Biddle & Reath LLP. All Rights Reserved. National Law Review, Volume X, Number 303



About this Author

Peter Baldwin, Securities lawyer, Drinker Biddle

Peter W. Baldwin, a former federal prosecutor, defends clients facing white-collar criminal and internal investigations, securities enforcement actions, cybersecurity issues, and other complex civil and criminal litigation matters. Prior to joining Drinker Biddle, Pete spent over eight years as an Assistant United States Attorney in the U.S. Attorney’s Offices for the Eastern District of New York and Central District of California. In this role, he supervised all aspects of criminal investigation and prosecution, first as a member of the Major Frauds Section in the Central...

(212) 248-3147

Jason G. Weiss is an attorney and award-winning law enforcement and cybersecurity professional who served with distinction for over two decades at the Federal Bureau of Investigation. He is Counsel in Drinker, Biddle and Reath’s Information Governance and E-Discovery group, where his practice focuses on cybersecurity incident preparedness and response, compliance with CCPA and other information governance laws and requirements, as well as data analytics, investigations, and e-discovery.

Prior to joining Drinker Biddle, he was most recently a Supervisory Special...