ASPR Issues Update on Ransomware Activities in the Healthcare Industry

The HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) has issued an update on ransomware activity targeting the healthcare and public health sectors.

In late October, the HHS, the Federal Bureau of Investigation (FBI) and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert about an impending rise in ransomware activity targeting the healthcare sector. Within just one week of the warning, six healthcare organizations reported ransomware attacks in a single day. Over a dozen healthcare providers have submitted cyberattack reports in the last two months. Healthcare companies have reported more than 62 attacks to date in 2020.

In earlier human-controlled ransomware attacks, APT groups gained access to systems several weeks or even months ahead of the ransomware deployment. ASPR states that in many of the latest ransomware attacks, the time from initial compromise to deployment of the ransomware has been much shorter: only a few days or even hours.

A long interval between compromise and deployment gives victim organizations time to detect the compromise and remove the attackers from the network before files are encrypted. The short time frame makes this much more challenging.

The FBI, HHS and CISA encourage healthcare delivery organizations and other Healthcare and Public Health (HPH) sector entities to build long-lasting, operationally sustainable defenses against ransomware risks, now and in the future.

Several techniques are currently being used to deploy ransomware. These include delivery through other types of malware such as BazarLoader and TrickBot, which are normally distributed through phishing emails, and manual deployment after networks have been breached by exploiting vulnerabilities.

To counter the ransomware risk, healthcare organizations must address the vulnerabilities that attackers exploit to gain access to healthcare systems by doing the following:

Perform vulnerability scans to identify vulnerabilities before they are exploited, and remediate those vulnerabilities.
Implement anti-spam and anti-phishing solutions to block the email attack vector.
Adopt a 3-2-1 backup strategy to make sure files can be restored in case of an attack.

The 3-2-1 strategy entails three copies of backups, on two different media, with one copy stored securely off-site. The latest ransomware attack on Alamance Skin Center illustrates the value of this backup strategy: patient data was completely lost due to the nonpayment of the ransom.

Organizations must balance their operational requirements against the current threat level and develop processes and postures for both standard operating status and periods of increased threat. The risk from ransomware is current, and entities should have effective deterrent measures in place while maintaining efficient care delivery.

Review the Indicators of Compromise (IoCs), proposed mitigations, and ransomware guidelines published by CISA/FBI/HHS on October 28, 2020 on this page.