On October 29, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued a critical Cybersecurity Advisory to the Healthcare and Public Health (HPH) sectors. The advisory describes the tactics, techniques, and procedures used by cybercriminals to attack targets and infect systems with the Ryuk ransomware for financial gain. The advisory cites credible information about an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers, warning providers and related covered entities to ensure they take timely and reasonable precautions to mitigate these attacks to the extent possible.
Key findings of the report include:
- CISA, FBI, and HHS assess malicious cyber actors are targeting the HPH Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services; and
- These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.
Immediate actions that can be taken to prepare:
- Assess backup and restoration plan and capabilities.
- Verify a clean backup of critical data is available offline.
- Map and inventory critical assets.
- Ensure strong credentials and multifactor authentication are implemented for critical services and systems, especially backup tools.
- Restrict access to third-party tools and email services that are not explicitly approved by IT/management (Gmail, Google Drive, Dropbox, etc.).
The full text of the advisory can be accessed at https://us-cert.cisa.gov/ncas/alerts/aa20-302a.
CBIZ Technology’s Cybersecurity & Digital Forensics team is able to provide a comprehensive suite of cybersecurity solutions that can help your organization effectively plan, protect, and respond to this and other similar threats.