A joint Cybersecurity Advisory has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare sector to infect systems with ransomware with a coordinated wave of attacks.

As of this writing, at least five healthcare providers that had been hit with ransomware were still experiencing downtime, some for more than a week.  Only Universal Health Services, once of the first confirmed attacks, had successfully brought systems back online after more than three weeks of remediation and recovery.

The financial impact to the affected providers and any impacts on patient health have not been disclosed.

Although the joint warning was about targeted attacks on healthcare, the reality is the all organizations are at risk, and should take proactive steps, including:

  1. Evaluate your organization’s risk based on the controls you have in place.  If you are an IT service provider, help your customers perform a risk review. Our online ransomware risk calculator can be used to identify risk areas.
  2. Address the high risks as soon as possible!  Often simple changes in configuration and access can be made for minimal cost and effort that can greatly reduce your ransomware risk.
  3. Check your cyber coverage!  Ransomware is a specific threat that may have coverage limitations that you need to be aware of.  Your best protection is prevention.