Security Alert: Trickbot Attacks Against Healthcare System Considered Imminent

Security Alert from The Fulcrum Group

Our President, Steve Meek, was invited to join an HHS conference call recently, where news was released jointly from the FBI, DHS, and HHS, warning of an “imminent and credible” ransomware threat against U.S. hospitals. The attackers are targeting the sector with “Trickbot” malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.

“Krebs on Security”, a well-known security researcher and insider, has cited one source who said that the ransomware gang is targeting more than 400 hospitals, clinics and medical care facilities.

It appears a hospital in Oregon reported being offline due to the attack just before the call. The investigation into the malware has produced key “Indicators of Compromise” (IOCs), including a list of domains through which the malware is currently operating. There are additional reports of other facilities already hit in California and New York, but these are not publicly known at this time.

How You Can Protect Yourself And Your Organization:

  1. Block known sites that provide known functionality to the malware (IOC List)
  2. Inform employees of the threat and the increased need to stay highly diligent during this time
  3. Monitor endpoint detection on servers and workstations for changes in applications and running services; a stopped state is an IOC
  4. Monitor new account creations, especially those with administrator access
  5. Disallow use of personal email accounts
  6. Check that backups of critical data sets are current and stored offline
  7. Ensure Business Continuity Plans are up-to-date and readily available
  8. Be prepared to report all potential cyber incidents to FBI 24/7 CyberWatch Command Center (855-292-3937)
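
Items 3 and 4 can be checked against Windows event logs. The script below is an added example, not part of the HHS/FBI guidance or of The Fulcrum Group's tooling: it flags account creation (Security event 4720), additions to administrator groups (4728/4732/4756) and watched services entering the stopped state (System event 7036). It assumes events have already been exported as dictionaries with the field names shown; the service names, the 24-hour window and the sample events are constructed placeholders.

```python
from datetime import datetime, timedelta

ADMIN_GROUP_SIDS = {"S-1-5-32-544"}       # built-in Administrators
ADMIN_DOMAIN_RIDS = ("-512", "-519")      # Domain Admins, Enterprise Admins
# Assumption: placeholder display names; list your own EDR and backup services.
WATCHED_SERVICES = {"Example EDR Agent", "Example Backup Agent"}
WINDOW = timedelta(hours=24)              # assumed correlation window

def is_admin_group(sid):
    return sid in ADMIN_GROUP_SIDS or (
        sid.startswith("S-1-5-21-") and sid.endswith(ADMIN_DOMAIN_RIDS))

def review(events):
    """Return (kind, subject, detail) alerts for checklist items 3 and 4."""
    alerts, created = [], {}              # created: new account SID -> (name, time)
    for ev in sorted(events, key=lambda e: e["time"]):
        eid, d, t = ev["id"], ev["data"], ev["time"]
        if eid == 4720:                   # Security: a user account was created
            created[d["TargetSid"]] = (d["TargetUserName"], t)
            alerts.append(("account_created", d["TargetUserName"], d["SubjectUserName"]))
        elif eid in (4728, 4732, 4756) and is_admin_group(d["TargetSid"]):
            # Security: member added to a group; TargetSid is the group's SID
            name, born = created.get(d["MemberSid"], (d["MemberSid"], None))
            fresh = born is not None and t - born <= WINDOW
            kind = "new_account_made_admin" if fresh else "admin_member_added"
            alerts.append((kind, name, d["SubjectUserName"]))
        elif eid == 7036 and d["param2"] == "stopped" and d["param1"] in WATCHED_SERVICES:
            alerts.append(("watched_service_stopped", d["param1"], ev["host"]))
    return alerts

# Constructed sample events (not real telemetry).
T0 = datetime(2024, 1, 1, 2, 0)
NEW_SID = "S-1-5-21-1111-2222-3333-1105"
SAMPLE = [
    {"id": 4720, "time": T0, "host": "SRV01", "data": {
        "TargetUserName": "svc_temp", "TargetSid": NEW_SID, "SubjectUserName": "jdoe"}},
    {"id": 4732, "time": T0 + timedelta(minutes=1), "host": "SRV01", "data": {
        "MemberSid": NEW_SID, "TargetSid": "S-1-5-32-545", "SubjectUserName": "jdoe"}},
    {"id": 4732, "time": T0 + timedelta(minutes=5), "host": "SRV01", "data": {
        "MemberSid": NEW_SID, "TargetSid": "S-1-5-32-544", "SubjectUserName": "jdoe"}},
    {"id": 7036, "time": T0 + timedelta(minutes=9), "host": "SRV01", "data": {
        "param1": "Print Spooler", "param2": "stopped"}},
    {"id": 7036, "time": T0 + timedelta(minutes=10), "host": "SRV01", "data": {
        "param1": "Example Backup Agent", "param2": "stopped"}},
]

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```

The addition to the built-in Users group and the Print Spooler stop are deliberately ignored, which keeps the output limited to the changes the checklist asks you to watch.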

Current References:

HHS Bulletin:

Krebs Article:

Oregon Hospital

IOC List:
