October 19, 2021

Volume XI, Number 292


October 18, 2021


US Health System Warned of Coordinated Ransomware Attacks

US hospitals and healthcare facilities, struggling to maintain normal operations during the COVID-19 emergency, were warned this week by the federal Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) of a “targeted and imminent cybercrime threat.” Specifically, CISA, FBI and HHS have credible information that malicious cyber actors are targeting hospitals and other health care providers with Trickbot malware, leading to ransomware attacks, data theft, and, significantly, the disruption of healthcare services during the pandemic.

Trickbot malware has been around since at least 2016, and cybercriminals have been working to develop new functionality that increases the ease, speed and profitability of attacks. The criminal enterprise behind Trickbot has created tools to help them evade network defense mechanisms and to blend in with legitimate system traffic so they can move throughout a provider’s IT infrastructure undetected.

A joint CISA, FBI and HHS Alert, Ransomware Activity Targeting the Healthcare and Public Health Sector (the “Alert”), provides extensive detail regarding the mechanism and indicators of Trickbot malware. Trickbot is used to deploy Ryuk ransomware, which has reportedly forced multiple hospitals across the country off-line in a coordinated attack.

The Alert includes best practices for health care providers to minimize risk and mitigate harm, including the following familiar, yet critically important practices:

Administrative Best Practices

  • Implement business continuity plans – or plans to continue essential functions through emergencies such as cyberattacks and to minimize service disruptions

Network Best Practices

  • Patch systems, software and firmware as new patches are released
  • Require regular password changes
  • Implement multi-factor authentication

Ransomware Best Practices

  • Don’t pay ransom (it doesn’t guarantee that files will be recovered and it emboldens cyber criminals)
  • Regularly back up data and secure backup copies offline
  • Engage with CISA, FBI and HHS for information sharing, best practices and other resources
  • Retain 3 copies of all critical data on at least two different types of media with at least one stored offline
  • Retain backup hardware to rebuild systems, if necessary

End User Best Practices

  • Maintain formal and informal training and security awareness programs, covering ransomware and phishing scams
  • Make sure that employees know who to contact to report suspicious activity

©1994-2021 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.

National Law Review, Volume X, Number 304

About this Author

Dianne Borque
Of Counsel

Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. As former in-house counsel to an academic medical center, a large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process. In addition, Dianne currently serves as a Vice Chair of AHLA's...
