July 07, 2017

Feds Modify Security Advice After Cyberattack

A cyberattack based on “notPetya,” a variant of Petya ransomware, began hitting organizations around the world on June 27. Unlike Petya, which was first discovered in 2016, information systems infected with “notPetya” cannot be restored even after a ransom is paid—meaning, it was probably intended to inflict irreparable damage on its targets.

Though the cyberattack was primarily targeted at Ukrainian interests, Nuance Communications and several other American companies conducting business in the Ukraine were impacted. On July 5, Nuance reported its health care business was affected most by the attack. It is regularly updating customers about the recovery effort on a website dedicated to its response.

The U.S. National Cybersecurity and Communications Integration Center (NCCIC) generally recommends against paying ransoms. In the aftermath of the “notPetya” outbreak, the U.S. Department of Health and Human Services (HHS) shared the following updated recommendations for health care organizations infected by ransomware:

If your organization is the victim of a ransomware attack, HHS recommends the following steps:

  1. Please contact your FBI Field Office Cyber Task Force or U.S. Secret Service Electronic Crimes Task Force immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
  2. Please report cyber incidents to the US-CERT and FBI’s Internet Crime Complaint Center.
  3. If your facility experiences a suspected cyberattack affecting medical devices, you may contact FDA’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
  4. For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC).  

The U.S. government is also linking interested parties to mitigation information and tools offered by the National Health Information Sharing and Analysis Center (NH-ISAC) to help vaccinate vulnerable computer systems against the specific “notPetya” malware threat.