A joint alert from the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) issued Oct. 28 noted that the agencies had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The agencies have released AA20-302A Ransomware Activity Targeting the Healthcare and Public Health Sector, which details both the threat and steps that healthcare organizations should take to help manage the risk posed by ransomware and other cyber threats.
Additionally, the joint Ransomware Guide from CISA and the Multi-State Information Sharing and Analysis Center provides a checklist that can serve as a ransomware-specific addendum to an organization’s cyber incident response plans. The HHS Office for Civil Rights’ Fact Sheet: Ransomware and HIPAA provides further information for entities regulated by the HIPAA Rules.
CISA, FBI and HHS have shared this information to warn healthcare providers so that they take timely and reasonable precautions to protect their networks from these threats.