Warning of Cybersecurity Threat to Healthcare Sector – Imminent Threat of Ransomware

Alerts / October 29, 2020

BakerHostetler is closely monitoring a Cybersecurity Advisory issued jointly on October 28 by several government agencies, including the United States Department of Health and Human Services (HHS) and the FBI. The Advisory warns of an imminent cybercrime threat to U.S. hospitals and healthcare providers with the purpose of infecting systems with Ryuk ransomware for financial gain. Specifically, the Advisory warns that:

  • Malicious cyber actors are targeting the Healthcare and Public Health Sectors with Trickbot malware, which often leads to ransomware attacks, data theft, and the disruption of healthcare services.
  • These issues are particularly challenging for these organizations now, in the midst of the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.

The attacks may use a new Trickbot module and toolset called “Anchor”. As part of Anchor, the attackers use AnchorDNS, a tool for sending and receiving data from victim machines using Domain Name System (DNS) tunneling.

Additional technical details on the specific tactics, techniques and procedures related to this threat, including a link to the Indicators of Compromise (IOCs), are set forth in the Advisory.

The Advisory also sets forth some network and ransomware best practices, including:

  • Regularly back up data, air gap, and password protect backup copies offline.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.

To address this and other threats, healthcare organizations should also review or establish patching plans, security policies, user agreements and business continuity plans to ensure they address these current threats posed by malicious cyber actors.

BakerHostetler is actively monitoring the release of new information about the threat and will provide updates on this developing story as they become available. BakerHostetler has a team of highly experienced incident response attorneys who are ready to help healthcare (and other) clients with responding to ransomware and other cybersecurity incidents.

Authorship Credit: Ted Kobus and Lynn Sessions
