The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released a Cybersecurity Advisory to provide the Healthcare and Public Health Sector (HPH) with information regarding an increased and imminent cybercrime threat to US hospitals and healthcare providers, warning them to ensure they take timely and reasonable precautions to protect their networks from these threats.

The advisory details the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the HPH Sector to infect systems with Ryuk ransomware for financial gain. The agencies assess that threat actors are targeting the HPH Sector with TrickBot malware, which often leads to  ransomware attacks, data theft, and disruption of operations and services. A cyber incident would be acutely challenging for organizations involved with COVID-19 relief and treatment, particularly as the nation experiences increases in the number of infections.

The NJCCIC highly advises HPH Sector organizations to review the Cybersecurity Advisory , search their systems and network for the indicators of compromise (IOCs) provided within, and apply recommendations and best practices to reduce their risk of a ransomware or other malware infection, including exercising caution with emails – particularly those from unknown senders – and refraining from enabling macros in email attachments, reducing or eliminating external-facing systems, having a comprehensive data backup plan that includes offline backups, and ensuring there is a ransomware continuity of operations plan (COOP) in place. Should a ransomware infection affect the HPH Sector across a particular region, diverting patients may not be a reasonable option and a COOP is encouraged for this situation.