HHS Issues Advisory on Cyber Attacks on the Public Health Sector

October 30, 2020
Policy Snapshot

A joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures used by cybercriminals against targets in the health care and public health (HPH) sector to infect systems with ransomware, notably Ryuk and Conti, for financial gain.

CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and health care providers. CISA, FBI, and HHS are sharing this information to warn health care providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.

Read the report.

Key Findings

  • CISA, FBI, and HHS assess malicious cyber actors are targeting the HPH sector with TrickBot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of health care services
  • These issues will be particularly challenging for organizations during the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments

Here are some things to do to mitigate the risk:

  • Patch operating systems, software, and firmware as soon as manufacturers release updates
  • Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts
  • Use multi-factor authentication where possible
  • Disallow use of personal email accounts
  • Disable unused remote access/remote desktop protocol (RDP) ports and monitor remote access/RDP logs
  • Identify critical assets; create backups of these systems and house the backups offline from the network
  • Set antivirus and anti-malware solutions to automatically update; conduct regular scans

The AMA and the American Hospital Association (AHA) have created two resources to help physicians and hospitals guard against cyber threats. Those resources and additional cyber security information can be found at the AMA’s cybersecurity webpage.