December 4, 2020

Volume X, Number 339

Advertisement

December 03, 2020

Subscribe to Latest Legal News and Analysis

December 02, 2020

Subscribe to Latest Legal News and Analysis

December 01, 2020

Subscribe to Latest Legal News and Analysis

U.S. Cybersecurity Organizations Issue Warning on Ransomware Activity Targeting Healthcare with Guidance Applicable to All Industries

On October 28, 2020, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of Health and Human Services (HHS) issued a joint warning that they have “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The warning comes on the heels of what may be the earliest reports of a causal relationship between a ransomware attack and the death of a patient at a healthcare facility. In September, prosecutors in Germany launched a negligent homicide investigation after a patient at Dusseldorf University Hospital died following a ransomware attack that hampered emergency services. More recently, authorities linked the same incident to a ransomware attack in the U.S., impacting all 250 locations of a hospital chain headquartered in Pennsylvania, with additional hospitals and healthcare facilities facing current threats, several of which are being adversely affected by similar ransomware events.  

U.S. agencies believe that hackers are targeting the healthcare industry with the Trickbot malware and the Ryuk ransomware, with the intent to engage in “data theft and disruption of healthcare services.” Once a target is infected with the malware such as Trickbot, it is used to deploy the Ryuk ransomware. When targeted towards the healthcare industry, the malware and ransomware combination can disrupt critical healthcare services that are already taxed due to COVID-19 and facing increased cyber vulnerabilities due to the pandemic. While hospitals may have considered taking specific systems offline or spent time bolstering their systems and defenses, many are scrambling just to keep them up and running in light of the operational challenges presented by the  COVID-19 pandemic including the rapid scaling of the remote workforce and resulting security vulnerabilities such as a vastly expanded attack surface for such organizations. The warning provides technical details about the malware, which should be reviewed by system administrators and other IT professionals responsible for protecting the organization’s IT systems, particularly those in the healthcare space. 

While this warning was specifically directed at new threats targeting the healthcare industry, hackers have targeted other industries using similar, if not the same, methods with the sole intention of stealing data, extracting money, and disrupting the economy. Targeted industries include manufacturing, automotive, logistics, hospitality, and financial services, among others. The warning directs organizations to study CISA’s Ransomware Guide, which should be referred to by organizations of all types to help develop best practices to prevent, protect, and respond to a ransomware attack. 

The potential for disruption to safety-critical applications, such as medical and life-support systems, make healthcare organizations, including retirement communities, a high-value target for ransomware attacks. Faced with the inability to provide life-saving medical services, especially in the face of the COVID-19 pandemic, healthcare organizations may be tempted to pay the demanded ransom. However, organizations should be aware that the payment of the ransom does not ensure that they will be able to decrypt the data or that the system will not be left compromised with malware, allowing for a later ransomware attack or compromise of data. Furthermore, in some cases, the payment of a ransom may be considered aiding terrorist activities or otherwise violate federal law, leading to governmental or regulatory sanctions and increased potential liability. Therefore, organizations are recommended to take the steps outlined in the Ransomware Guide to help the organizations defend against ransomware before it strikes and to recover the lost data if it does rather than pay the ransom. Organizations should also contact federal law enforcement agencies and determine if a cipher key is available for the particular strain of ransomware affecting the organization.  Such efforts may allow for decryption of their illegally encrypted files as well as avoidance of being forced to make a ransom a payment to the attackers. Organizations that cannot recover from a ransomware attack in a timely manner without paying the ransom should consult experienced legal counsel before making any payments to understand the potential liabilities and risks associated with making such a payment.

© 2020 Foley & Lardner LLPNational Law Review, Volume X, Number 303
Advertisement

TRENDING LEGAL ANALYSIS

Advertisement
Advertisement

About this Author

Eileen R. Ridley, Foley Lardner, Arbitration Lawyer, High Tech Litigation Attorney
Partner

Eileen R. Ridley is a partner and litigation lawyer with Foley & Lardner LLP. Ms. Ridley has extensive experience in litigating, arbitrating and trying complex commercial matters for a variety of industries including the high-tech, oil and gas, telecommunications, construction, insurance and health care industries. She is the firm’s Chief Diversity Partner, a role in which she is a catalyst for and leader in carrying out the firm’s commitment to diversity. Ms. Ridley serves on the firm's national Management Committee and is vice chair of the Litigation Department....

415-438-6469
Aaron K. Tantleff, Foley Lardner, E-Commerce lawyer, IP Attorney, Patents
Partner

Aaron K. Tantleff is a partner and intellectual property lawyer with Foley & Lardner LLP. His practice focuses upon providing legal and strategic guidance regarding information technology, outsourcing, licensing, consulting, professional services, e-commerce, manufacturing, supply, and distribution agreements, as well as product acquisitions, strategic alliances, mergers and acquisitions, and private equity investments where technology and intellectual property are of significant importance and value. Mr. Tantleff is a member of the firm’s Technology...

312-832-4367
Steven Millendorf, Technology Attorney, Foley and Lardner Law Firm
Associate

Steven Millendorf is an associate and intellectual property lawyer with Foley & Lardner LLP. He has experience drafting, reviewing and revising technology agreements, including protections for privacy and data security. Mr. Millendorf regularly tracks changes to state breach notification laws and revises Foley’s nationally published state data breach notification database. He also has experience in defending electronics and telecommunications clients in IP litigation matters. Mr. Millendorf is a member of the firm’s Technology Transactions & Outsourcing,...

858-847-6737
Advertisement
Advertisement