In a joint alert sent on October 28th, the Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, and the U.S. Department of Health and Human Services said they have “credible information” that cybercriminals are taking new aim at healthcare providers and public health agencies even as the coronavirus pandemic reaches new heights.

To quote the agencies press release, “CISA, FBI and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” officials said. “Malicious cyber actors” may soon be planning to “infect systems with Ryuk ransomware for financial gain” on a scale not yet seen across the American healthcare system.

The agencies recommended that hospitals, practices and public health organizations take “timely and reasonable precautions to protect their networks from these threats” which they said include targeting with Trickbot malware, “often leading to ransomware attacks, data theft, and the disruption of healthcare services” just as hospitals are also hard-pressed to respond to a third wave of the COVID-19 crisis.

The CISA, FBI and HHS agencies offered fundamental guidelines for how hospitals and healthcare organizations can harden their defenses to help protect against ransomware and other cyberattacks:

• Patch operating systems, software and firmware as soon as manufacturers release updates.
• Check configurations for every operating system version for HPH organization-owned assets to prevent issues from arising that local users are unable to fix, due to having local administration disabled.
• Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts.
• Use multifactor authentication where possible.
• Disable unused remote access/Remote Desktop Protocol ports and monitor remote access/RDP logs.

In combination with the government agencies suggestions, DI is recommending that our customers follow our guidelines for the best practices in securing your Instrument Manager applications, as described in our Secure Configuration Guidance White Paper located within IM help.

Please let us know if you have any questions or concerns. As always, we are committed to ensuring your protection, and recommend the continued adherence to application configuration best practices.