
Joint Federal Agency Advisory Warns of Imminent Ransomware Threats to the Healthcare and Public Health Sector

Kelly Ruane Melchiondo

As if the recent uptick in national COVID-19 cases and hospitalizations were not enough to tax an already beleaguered health system, on October 28, 2020, three federal agencies issued a cybersecurity Joint Advisory warning of a credible threat of “increased and imminent cybercrime” targeting U.S. hospitals and public sector healthcare providers. In the Joint Advisory, the Cybersecurity and Infrastructure Agency (CISA), FBI and the Department of Health and Human Services (HHS) warned that malicious cyber actors are targeting the public health sector with Trickbot malware that can lead to ransomware attacks, data theft, and disruption of healthcare service.

The Joint Advisory focused on Trickbot malware known as “Anchor,” which cyber actors use to target high-profile victims such as large corporations. Anchor works as a backdoor that lets victims’ machines communicate with servers over the Domain Name System (DNS) to evade typical network defenses. This enables malicious communications to blend in with legitimate DNS traffic. Anchor is particularly aggressive malware that schedules tasks every 15 minutes to persistently attack victims’ machines.

An Anchor Trickbot infection implants Ryuk malware into systems for financial gain. Ryuk ransomware targets victims that malicious actors perceive to have the ability to pay exorbitant sums of money. Ryuk ransomware often goes undetected until days or months after the initial infection. This allows the malicious actor sufficient time to surveil the infected network to identify critical network systems and users, or to shut down or uninstall critical security applications that would otherwise prevent ransomware from executing.

In the Joint Advisory, CISA, FBI and HHS encourage healthcare organizations to maintain or reinforce their business continuity plans, and to ensure that they are following best practices for cybersecurity, including, for example:

  • Patching operating systems, software and firmware as soon as manufacturers release updates;
  • Regularly changing passwords to network systems and accounts;
  • Using multi-factor authentication where possible; and
  • Identifying critical assets and creating backup systems, and housing those backup systems offline from the network.

Organizations should review the Joint Advisory’s list of indicators of Trickbot infection, as these are key indicators of an imminent ransomware attack. For example, organizations should, at a minimum, search their C:\Windows directories for suspicious 12-character .exe files, or “anchorDiag.txt” files.
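One way to run that minimum file-name search, as an added example that is not code from the Joint Advisory or this post. It assumes "12-character" counts the whole file name including ".exe", and the baseline of legitimate names, the function names `scan` and `demo`, and the sample files are constructed for illustration.

```python
import hashlib
import os
import re
import tempfile
from datetime import datetime, timezone

# Assumption: "12-character" counts the whole name including ".exe" (8-char stem).
RANDOM_EXE = re.compile(r"^[a-z0-9]{8}\.exe$", re.IGNORECASE)
# Assumption: legitimate 12-character names, built from a known-clean image.
BASELINE = {"explorer.exe", "helppane.exe", "winhlp32.exe"}


def scan(root, baseline=BASELINE, recurse=False):
    """Return one triage record per file under root that matches an indicator."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(root):
        if not recurse:
            dirnames.clear()          # stay in the top-level directory
        for name in filenames:
            if name.lower() == "anchordiag.txt":
                reason = "anchorDiag.txt"
            elif RANDOM_EXE.match(name) and name.lower() not in baseline:
                reason = "12-character .exe"
            else:
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    digest = hashlib.sha256(fh.read()).hexdigest()
                mtime = os.stat(path).st_mtime
                modified = datetime.fromtimestamp(mtime, timezone.utc).isoformat()
            except OSError as exc:    # locked or unreadable: still report it
                digest, modified = None, f"unreadable: {exc.strerror}"
            hits.append({"path": path, "reason": reason,
                         "sha256": digest, "modified": modified})
    return hits


def demo():
    """Scan a throwaway directory holding constructed sample files."""
    with tempfile.TemporaryDirectory() as root:
        for name in ("explorer.exe", "notepad.exe", "qzkvbtwx.exe", "anchorDiag.txt"):
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(b"constructed sample, not a real binary")
        return sorted((os.path.basename(h["path"]), h["reason"]) for h in scan(root))


if __name__ == "__main__":
    for name, reason in demo():
        print(f"{reason:18} {name}")
```

A name match alone is only a lead, since legitimate Windows binaries such as explorer.exe also have 12-character names; the hash and modification time in each record are there so a hit can be compared against a clean baseline before escalating.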

All organizations, whether in the healthcare public sector or not, should note and implement the recommendations in the Joint Advisory. The best defense against a ransomware attack is frequent, if not daily, backups of critical files and network systems to neutralize the threat of inaccessible data. Paying a ransomware demand does not ensure recovery of stolen or compromised data, and may run afoul of federal regulations prohibiting payments to foreign actors. Now is the time to immediately back up data, password protect backup copies offline, and maintain backup servers in a separate physical location.
