Careers

Diversity

With 17 offices, from New York to Los Angeles and Seattle to Orlando, we live and work in communities all over the U.S., collaborating across locations, disciplines and even borders. Our experienced, highly ranked lawyers serve businesses wherever they are and wherever they want to go.

Offices

About Us

Pages

Professionals

Thought leadership: blogs, podcasts, videos, publications, events and news

Insights

Services

Pro Bono

Am Law 100 firm with practices in Business, Digital Assets and Data Management, Intellectual Property, Labor & Employment, Litigation and Tax.

Home | BakerHostetler

Brian Davis Participates in the European American Chamber of Commerce’s Pan-European Tax Update 2024

Alexander Reid States that Congress Should Expand Free Speech Rules for Tax-Exempt Groups

Teresa Goody Guillén Stresses the Need for Remote-Work Ground Rules in LegalDive Article

SEC Director of Enforcement Warns of a ‘Perfect Storm’ Developing Around AI

<img decoding="async" loading="lazy" class="wp-image-6390 alignright" src="https://dataprivacymonitor.bakerhostetlerblogs.com/wp-content/uploads/sites/5/2020/10/DADM-concept-GettyImages-1054552124_1200x630_72dpi.jpg" alt="" width="438" height="230" />
On Oct. 28, a joint cybersecurity advisory was published by the Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health & Human Services. The advisory warned of an imminent cybercrime threat to U.S. hospitals and healthcare providers – specifically that a large-scale ransomware attack may be on the very near horizon. BakerHostetler’s coverage of the initial alert, including proactive measures organizations can take, can be found <a href="https://www.bakerlaw.com/alerts/ransomware-warning-to-the-healthcare-industry">here</a>.
On Oct. 29, the advisory was updated with a number of substantive and helpful data points:
<ul>
<li>The alert now acknowledges that Trickbot is being used heavily to deploy Conti ransomware in addition to Ryuk as previously reported</li>
<li>The alert now includes Bazarloader, in addition to TrickBot, as a common loader.</li>
<li>The alert provides additional attack vector information, specifically detailing the phishing campaign indicators of compromise (IOCs) and common names of malicious email attachments.</li>
<li>The alert provides additional TrickBot IOCs, including malicious file names and subdirectory locations.</li>
<li>The alert provides TrickBot YARA rules that can be used to identify files that may be associated with TrickBot.</li>
</ul>
The updated alert can be found <a href="https://us-cert.cisa.gov/ncas/alerts/aa20-302a">here</a>.
The initial <a href="https://us-cert.cisa.gov/ncas/alerts/aa20-302a">advisory</a> also sets forth some network and ransomware best practices, including:
<ul>
<li>Regularly back up data, air gap and password protect backup copies offline.</li>
<li>Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.</li>
</ul>
To address this and other threats, healthcare organizations should also review or establish patching plans, security policies, user agreements and business continuity plans to ensure they address these current threats posed by malicious cyber actors.
BakerHostetler is actively monitoring the release of new information about the threat and will provide updates on this developing story as they become available. BakerHostetler has a team of highly experienced incident response attorneys who are ready to help healthcare (and other) clients with responding to ransomware and other cybersecurity incidents.

core/freeform

Data Counsel

Chicago

Partner

Aleksandra Vold

Philadelphia

Sara M. Goldstein

Healthcare Privacy and Compliance

Digital Assets and Data Management

CISA Updates Advisory on Large-Scale Impending and Credible Ransomware Threat to Healthcare to Include Additional IOCs

Related Services

Featured Insights