URGENT CYBER UPDATE OCT 2020 | Ransomware attacks are imminent in healthcare organisations
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre has identified a sustained campaign by sophisticated cybercrime actors impacting the Australian health sector. The ASD has noted the alert status as high, and it continues to see activity against the health sector similar to the increase in Emotet activity identified in Advisory 2020-17: Resumption of Emotet malware campaign.
This type of campaign is not limited to Australia: the United States of America Cybersecurity and Infrastructure Security Agency (CISA) recently issued a cybersecurity alert. That alert identifies a campaign in which Emotet and TrickBot are used to further deploy Conti or Ryuk ransomware variants. The alert also provides detection and mitigation advice.
By way of global context, a joint cybersecurity advisory was coauthored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) on October 28, 2020. It goes into great detail on the threats and the actions healthcare organisations need to take.
Best practices include:
- Identify and contain the incident; doing so is critical.
- Implement and maintain business continuity plans to minimize healthcare service and treatment disruptions.
- Implement tools that protect your workforce and their endpoint devices.
- Develop and implement an incident response program to help identify and contain an incident before it cascades throughout the organization, causing major disruptions in healthcare services and treatments.
A ransomware attack in September 2020 resulted in a death in a German hospital: the hospital’s computers were impacted by ransomware, which interrupted healthcare services and treatment options.
While this campaign is targeted at the health sector, Lockton recommends that all Australian organisations read the two documents linked below and follow their recommended mitigation advice.