HHS Updates on International Cyber Threat to Healthcare Organizations
The US Department of Health and Human Services (HHS) has issued several updates about the recent international cyber threat to healthcare organizations. HHS is highlighting the following:
- A partner noted an exploitative social engineering activity whereby an individual called a hospital claiming to be from Microsoft and offering support if given access to their servers. It is likely that malicious actors will try and take advantage of the current situation in similar ways.
- Anecdotal notices have been received of medical device ransomware infection.
HHS is reminding all organizations that if they suspect or are the victim of a ransomware attack, please contact law enforcement immediately:
- Please contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/field-offices) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
- Please report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and the FBI's Internet Crime Complaint Center (www.ic3.gov).
- For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov
Want to read the full alert and receive alert emails?