WEDI Member Update: Privacy & Security Resources
October 29, 2020
The U.S. Department of Health and Human Services, the Federal Bureau of Investigation, and the Department of Homeland Security are warning of "imminent and credible" threats against the U.S health sector.
Malicious cyber actors are targeting the health sector with malware that can lead to ransomware. Any person or entity who is suspicious of or experiencing such an attack should make reports to your FBI Field Office. This link https://www.fbi.gov/contact-us/field-offices provides FBI Field Offices' contact information.
In addition to a long list of various technical attack techniques and indicators of compromise, CISA, FBI and HHS offered some basic suggestions for how hospitals and healthcare organizations can shore up their defenses to help protect against ransomware and other cyberattacks:
- Patch operating systems, software and firmware as soon as manufacturers release updates.
- Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix, due to having local administration disabled.
- Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
- Use multifactor authentication where possible.
- Disable unused remote access/Remote Desktop Protocol ports and monitor remote access/RDP logs.
Malware Analysis Report
The Cybersecurity and Infrastructure Security Agency (CISA) and the Cyber National Mission Force (CNMF) released a Malware Analysis Report (MAR) detailing the recommended mitigations against newly found Zebrocy malware executables. Files hashes and recommendations are available within MAR: AR20-303B, which is available here.
The National Capital Region Threat Intelligence Consortium (NTIC) Cyber Center assesses with high confidence that organizations within the Healthcare and Public Health Sector are at high risk of targeted and opportunistic cyber attacks exploiting the COVID-19 pandemic to disrupt operations, steal sensitive data, and generate illicit revenue for profit-motivated cyber threat actors.
This report highlights cyber threats that are likely to impact this sector, along with additional resources cybersecurity teams and healthcare staff can reference to reduce risk.