Given the increased threats of cybersecurity incidents targeting U.S. hospitals and healthcare information systems, a joint cybersecurity advisory (Alert AA20-302A) has been issued by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). This advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware for financial gain.
CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.
The joint cybersecurity advisory (Alert AA20-302A) can be accessed here. Please note that this document will be updated as needed; the most recent documents can be found at https://us-cert.cisa.gov/ncas/alerts. The advisory document includes indicators of compromise, mitigations, and best practices, and a Ransomware Response Checklist.