International Cyberattack Threatens Healthcare Organizations

The U.S. Department of Health and Human Services (HHS) and the Department of Homeland Security (DHS) are calling for aggressive risk mitigation steps in response to the ransomware attack – “WannaCry” – plaguing businesses and healthcare organizations around the globe. On a recent sector call, HHS and DHS notified healthcare providers that the attack is not over and that variants are emerging. The two agencies urge providers to scan their systems for vulnerabilities and make sure that devices are fully patched and updated. In particular, providers are directed to apply the March and May patches provided by Microsoft to all systems and devices with known vulnerabilities.

The federal government is convening regular calls with stakeholders. To receive alerts and information, providers should register for the DHS Critical Infrastructure Protection listserv. The agencies involved have made available several resources:

• HHS's guidance on ransomware attacks is available here.
• For overall Cyber Situational Awareness, visit the US-CERT National Cyber Awareness System web page.
• NCCIC portal for those who have access
• FBI FLASH: Indicators Associated With WannaCry Ransomware
• SMB Vulnerability
• Open Source Links for Information and Indicators:
  • U.S. Computer Emergency Readiness Team, here and here

For the latest Microsoft Security Information:

• Visit the Microsoft Update Catalog for the latest security updates.

For ASPR TRACIE: Healthcare Cybersecurity Best Practices:

• Information on how to protect from email-based and open RDP ransomware attacks can be found on the TRACIE portal here.
• ASPR TRACIE also has promising healthcare cybersecurity practices available:
  • Issue 2 of The Exchange (released in 2016);
  • Cybersecurity and Healthcare Facilities describes last year's attack on MedStar, and steps we can take to prevent and mitigate attacks;
  • Cybersecurity and Information Sharing Topic Collections include annotated resources reviewed and approved by a variety of subject matter experts.

Request an unauthenticated scan of your public IP addresses from DHS:

• The US-CERT’s National Cybersecurity Assessment & Technical Services (NCATS) provides integrated threat intelligence and provides an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks. NCATS security services are available at no cost to stakeholders. For more information, please contact NCATS_INFO@hq.dhs.gov.

If your organization is the victim of a ransomware attack, HHS and DHS ask you to contact law enforcement immediately.

1. Contact your FBI Field Office Cyber Task Force immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
2. Report cyber incidents to the US-CERT and FBI's Internet Crime Complaint Center.

The federal government also asks you to share healthcare-specific indicators of any attack with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov.

DHS and HHS advise that malicious actors are beginning to exploit the ransomware attack in more traditional ways. HHS has received at least one report from a hospital that received a telephone call from an individual claiming to be from Microsoft who offered support in combatting the ransomware, if given access to their servers.

Long-term/post-acute care providers and their business associates should be on heightened alert for malware infection and malicious attempts to compromise their networks. Close attention to updates and patches is strongly encouraged.

Contact: Karen Lipson, klipson@leadingageny.org, 518-867-8383 ext. 124