On Thursday, Oct. 28, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) released a joint cybersecurity alert regarding an increased and imminent cybersecurity threat to U.S. hospitals and healthcare systems. There is credible information that this targeted attack could be imminent. A full PDF version of the report can be found here. The report contains important indicators including files to be on the lookout for, and could be critical in protecting your data, as well as mitigation measures that practices can take to protect themselves.
Many of the associated Malware infiltrate user systems through the use of phishing emails linking users to Google Documents.
A few of the best practices, among others, recommended by the joint cybersecurity advisory include:
- Having business continuity plans in place – such as multiple back up services
- Patch operating systems, software, and firmware
- Regularly change passwords for network system accounts
- Update antivirus and antimalware solutions and run scans
- Focus on awareness and training – end users are targeted, review the threats of phishing scams with your staff
- Review systems for indicators of infection, provided in the joint cybersecurity advisory report.
- Close remote desktop sessions when not in use
Regarding backups, it is best practice to follow the 3-2-1 rule: maintain three copies of all critical data, on at least two different types of media, with at least one stored offline. It is also advisable to retain complete images of systems and backup hardware, when cost allows. A simple but important measure is also to maintain an incidence response plan which includes measures to clean, rebuild, and recover, while taking measures to prevent reinfection. CISA has provided a great comprehensive guide on preventing and recovering from ransomware attacks.
Above all else, more than ever, it is important to keep all your teams aware to NEVER click on a link or attachment that you are not completely confident in, and whenever a team member does click a link they are uncertain about, they should have designated resource who they can inform about it.
In the case that you are the victim of an attack, please inform our customer support team right away.