
Our President, Steve Meek, was recently invited to join an HHS conference call where the FBI, DHS, and HHS jointly released news warning of an "imminent and credible" ransomware threat against U.S. hospitals. The attackers are targeting the sector with "Trickbot" malware, which often leads to ransomware attacks, data theft, and the disruption of healthcare services.
A well-known security researcher and insider, "Krebs on Security", has cited one source who said the ransomware gang is targeting more than 400 hospitals, clinics and medical care facilities.
It appears a hospital in Oregon reported being offline due to the attack just before the call. The investigation into the malware has produced key "Indicators of Compromise" (IOCs), which include a list of domains through which the malware is currently operating. There are additional reports of other facilities already hit in California and New York, but these are not known to the public at this time.
How You Can Protect Yourself And Your Organization:
- Block known sites that provide known functionality to the malware (IOC List)
- Inform employees of the threat and the increased need to stay highly diligent during this time
- Monitor endpoint detection on servers and workstations for changes in applications and running services; a stopped state is an IOC
- Monitor new account creations, especially those with administrator access
- Disallow use of personal email accounts
- Check that backups of critical data sets are current and stored offline
- Ensure Business Continuity Plans are up-to-date and readily available
- Be prepared to report all potential cyber incidents to the FBI 24/7 CyberWatch Command Center (855-292-3937)
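
Blocking the IOC domains stops future traffic; checking existing DNS logs against the same list shows whether any host has already reached one. The Python below is an added example, not part of the original advisory, and the list format, log format and every domain and IP address in it are constructed placeholders.

```python
# Added example: every domain, IP and log line below is a constructed placeholder.
IOC_TEXT = """
# assumed list format: one indicator per line, possibly defanged
bad-c2.example
Update-Service.example.
hxxp://defanged[.]example/path
"""
# Assumed log format: "<timestamp> <client_ip> <queried_name>"
DNS_LOG = """
2020-10-29T08:01:12Z 10.1.4.23 www.hospital.example
2020-10-29T08:01:15Z 10.1.4.23 cdn.bad-c2.example
2020-10-29T08:02:40Z 10.1.7.9 UPDATE-SERVICE.EXAMPLE.
2020-10-29T08:03:02Z 10.1.7.9 notbad-c2.example
2020-10-29T08:04:19Z 10.1.9.50 defanged.example
malformed line
"""

def normalize(name):
    """Lower-case, refang, and strip scheme, path, port and trailing dot."""
    name = name.strip().lower().replace("[.]", ".")
    for scheme in ("hxxp://", "hxxps://", "http://", "https://"):
        if name.startswith(scheme):
            name = name[len(scheme):]
    return name.split("/", 1)[0].split(":", 1)[0].rstrip(".")

def load_iocs(text):
    """Return the set of normalized domains, skipping blanks and comments."""
    lines = (line.strip() for line in text.splitlines())
    return {normalize(l) for l in lines if l and not l.startswith("#")}

def matching_ioc(qname, iocs):
    """Return the IOC that qname equals or is a subdomain of, else None.
    Matching on whole labels avoids substring false positives."""
    labels = normalize(qname).split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in iocs:
            return candidate
    return None

def find_hits(log_text, iocs):
    """Return (timestamp, client, query, ioc) for each matching log line."""
    hits = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ioc = matching_ioc(parts[2], iocs)
        if ioc:
            hits.append((parts[0], parts[1], parts[2], ioc))
    return hits
```

Each client address returned by find_hits is a host to examine first.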
Current References:
Krebs Article: https://krebsonsecurity.com/2020/10/fbi-dhs-hhs-warn-of-imminent-credible-ransomware-threat-against-u-s-hospitals/
Oregon Hospital: https://www.beckershospitalreview.com/cybersecurity/oregon-hospital-shuts-down-computer-system-after-ransomware-attack-4-notes.html
IOC List: https://gist.github.com/aaronst/6aa7f61246f53a8dd4befea86e832456