As if the COVID-19 pandemic were not enough to worry about, the FBI and Department of Homeland Security have issued an unprecedented warning of an “imminent cybercrime threat to US hospitals and healthcare providers.”
Intelligence indicates that a Russian ransomware group known as UNC1878 is planning to deploy ransomware nicknamed “Ryuk” to more than 400 healthcare facilities in the US. This situation is rapidly evolving, but it is important that everyone in the healthcare industry be aware of this threat and take precautions now. Internal departments and Managed Service Providers (MSPs) should redouble their efforts to ensure that infrastructure is as secure as possible, re-assess updates to servers and network equipment, and follow the latest guidelines for blocking the specific IP ranges the FBI and Homeland Security have identified as possible sources. IT departments should also continue monitoring all other “Indicators of Compromise” as they are published and determine how to monitor or check for them, if possible.
From an infrastructure standpoint, MSPs and IT departments can only do so much. It is imperative that all employees be aware of the threat and avoid opening emails they do not recognize, clicking on links embedded in emails, and so on.
Here is what we are recommending to our clients, and we recommend you do the same:
- Do NOT click on links from any external email unless you are 100% sure they are legitimate! (This threat doesn’t even need you to download anything or give your credentials.)
- Go to the website instead and log in there – not through email.
- CALL the sender and verify.
- LIMIT your access to any external INTERNET connections as much as you can – if it’s not business related and very necessary, do not interact with external sites or respond to external emails.
The entire healthcare industry should take this threat very seriously. As they say in the movies, this is not a drill.
Stay safe and secure.