URGENT CYBER UPDATE OCT 2020 | Ransomware attacks are imminent in healthcare organisations

healthcare alert
Locally and internationally Healthcare organisations are being targeted by a specific, sustained Ransomware campaign. 

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector. The ASD has noted the Alert status as high. The ASD noted they continue to see activity against the health sector similar to the increase of identified Emotet activity in Advisory 2020-17: Resumption of Emotet malware campaign.

This type of campaign is not limited to Australia, with the United States of America Cybersecurity and Infrastructure Security Agency (CISA) recently issuing a cybersecurity alert. This alert identifies a campaign, with Emotet and TrickBot being used to further deploy Conti or Ryuk ransomware variants. The alert also provides detection and mitigation advice.

By way of global context, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) on October 28, 2020 and goes into great detail of the threats and actions healthcare organisation need to take.

Best practices include:

  • Identifying and containing the incident is critical.
  • Implement and maintain business continuity plans to minimize healthcare service and treatment disruptions.
  • Implement tools that protect your workforce and their endpoint devices.
  • Develop and implement an incident response program to help identify and contain an incident before it cascades throughout the organization causing major disruptions in healthcare services and treatments.

A ransomware attack in September 2020 resulted in a death in a German hospital due to the interruption of healthcare services and treatment options due to the hospital’s computers being impacted by ransomware.

While this campaign is targeted at the health sector, Lockton recommends that all Australian organisations read the two documents linked below and follow their recommended mitigation advice.
https://www.cyber.gov.au/acsc/view-all-content/advisories/advisory-2020-017-resumption-emotet-malware-campaign 
https://us-cert.cisa.gov/ncas/alerts/aa20-302a 
 

Similar articles

WA covid update
Blog

Workers’ Compensation Insurance & Covid-19: Western Australia Update

WORKERS COMPENSATION AND INJURY MANAGEMENT ACT 1981 (COVID-19 RESPONSE) AMENDMENT BILL

change the world
Insight

Five ways COVID-19 may change the world

The experience of self-isolating at home for weeks during the COVID-19 pandemic is likely to mark society.

Novel coronavirus
News

Novel Coronavirus: What are the obligations of an employer in Australia?

Note: The coronavirus outbreak is a fast-developing situation, and local health agencies should be consulted for the latest news and directives.

CCFWA
Blog

Workers’ Compensation Insurance & Covid-19: WA Civil Contractors Update

WORKERS COMPENSATION AND INJURY MANAGEMENT ACT 1981 (COVID-19 RESPONSE) AMENDMENT BILL