The FBI, the Department of Homeland Security, and (unusually) the Department of Health and Human Services recently released a joint advisory warning of an imminent, credible threat to the cybersecurity of US healthcare institutions. Based on information discovered in the past several days, this attack is expected to come from an established cybercriminal group in Russia, which is preparing to attack hundreds of US targets in healthcare and related industries.
This group is sophisticated, and excels at gaining complete control of networks in coordinated ransomware attacks. In many cases, criminals are active in networks for weeks or even months before the attack happens. They use this time to evaluate an organization’s network and security settings, even evading security measures and corrupting any backups, before launching a prepared ransomware attack that cripples both an organization’s main systems and any backups that were accessed.
Although the joint advisory has not identified any specific weak points that will be attacked, Mytech encourages all organizations – regardless of industry – to take the following steps:
- Report any suspicious behavior or activity discovered on your network to your IT provider or team immediately.
- Make sure you and your team exercise extra caution handling emails, especially any that contain links or attachments from healthcare-related companies.
- Follow best practices for limiting network privileges: the more accounts that have special privileges on a network, the harder they are to secure.
- Follow your IT provider’s guidance for keeping your computers updated with the latest security patches.
Sophisticated threats like this are mitigated by the security measures we deploy through our SmartBusiness Suite, which can detect pre-attack network changes and prevent the call-and-response tactics that allow further access into a network.
Even so, our philosophy is to always “presume breach,” so we are seriously evaluating this threat, and doing everything in our power to safeguard our clients’ systems and data from potential attacks.
While these attacks are currently focused on medical and healthcare organizations, industry-wide attacks are growing as a method used by these types of sophisticated actors. We encourage all our clients to remain alert and, as always, reach out to us if they see something unusual or have cause for concern.