On October 28, 2020, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare and public health sectors to infect their systems with Ryuk ransomware for financial gain.
CISA, FBI, and HHS state they have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.
CISA, FBI, and HHS believe malicious cyber actors are targeting healthcare entities with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.
These issues are particularly challenging for healthcare organizations during the COVID-19 pandemic.
We are seeing such threats to our own clients. To address this threat, IT teams should double-down on internal alerts, education, and securing backups (as the attackers are now looking to disable backups as part of their ransom strategy). You also should consider running a table-top exercise to simulate your response to such an attack.