CISA, FBI warn healthcare organizations of imminent cybercrime threat
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and HHS released a joint advisory on October 28 to warn healthcare organizations of potential cyberattacks.
According to the joint advisory, the agencies have received credible information of an increased and imminent cybercrime threat to hospitals and healthcare organizations within the U.S. The threat is in the form of TrickBot malware, which often leads to ransomware attacks, data theft, and the disruption of healthcare services, according to the agencies.
Cybercriminals disseminate the TrickBot malware via various phishing campaigns that contain links to websites that host the malware, or through email attachments with the malware.
According to the agencies, phishing emails:
- Are typically delivered by commercial mass email delivery services. An email received by a victim will contain a link to an actor-controlled Google Drive document or other free online file-hosting solutions, typically purporting to be a PDF file.
- Usually reference a failure to create a preview of the document and contain a link to a URL hosting a malware payload in the form of a misnamed or multiple-extension file.
- Can appear as routine, legitimate business correspondence about customer complaints, hiring decisions, or other important tasks that require the attention of the recipient.
- May include the recipient’s name or employer’s name in the subject line and/or email body.
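As an added illustration (not code from the advisory or the agencies), the following Python sketch checks a message body for three of the traits listed above: a link to a free file-hosting service, text about a failed document preview, and a link whose file name carries a document extension followed by an executable one. The extension lists, host list, preview phrasing and sample message are assumptions constructed for this example.

```python
import re
from email import message_from_string
from urllib.parse import urlparse, unquote

# Assumed lists for illustration; tune them to your own mail flow.
DOC_EXTS = {"pdf", "doc", "docx", "xls", "xlsx"}
EXEC_EXTS = {"exe", "scr", "js", "vbs", "bat", "cmd", "com", "lnk"}
FILE_HOSTS = {"drive.google.com", "docs.google.com"}
URL_RE = re.compile(r"https?://[^\s<>\"')]+")
PREVIEW_RE = re.compile(r"(unable|fail\w*|could not|cannot)\b.{0,40}\bpreview", re.I)

def classify_url(url):
    """Return the set of lure traits from the list above that this URL matches."""
    parsed = urlparse(url)
    host = (parsed.hostname or "").lower()
    name = unquote(parsed.path).rsplit("/", 1)[-1].lower()
    parts = name.split(".")  # report.pdf.exe -> ["report", "pdf", "exe"]
    traits = set()
    if host in FILE_HOSTS:
        traits.add("file-hosting-link")
    if len(parts) >= 3 and parts[-1] in EXEC_EXTS and parts[-2] in DOC_EXTS:
        traits.add("multiple-extension")
    return traits

def scan_message(raw):
    """Return (flagged URLs with their traits, True if a failed preview is mentioned)."""
    msg = message_from_string(raw)
    body = ""
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            body += payload.decode(part.get_content_charset() or "utf-8", "replace")
    hits = {u: classify_url(u) for u in URL_RE.findall(body)}
    return {u: t for u, t in hits.items() if t}, bool(PREVIEW_RE.search(body))

# Constructed sample message; addresses, hosts and file names are placeholders.
SAMPLE = """\
From: hr@example.com
To: j.doe@hospital.example
Subject: J. Doe - customer complaint
Content-Type: text/plain; charset="utf-8"

The document is here: https://drive.google.com/file/d/EXAMPLE/view
We could not create a preview. Download it directly:
http://files.example.net/docs/Complaint_Report.pdf.exe
"""

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

A file-hosting link on its own is common in legitimate mail, so treat these traits as signals to combine and triage rather than as a verdict on any single message.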
To help healthcare organizations combat these threats, the agencies provided several recommendations for mitigation strategies, including network best practices, ransomware best practices, and user awareness best practices.
The agencies urge organizations to focus on staff awareness and training. All users should be trained on information security principles and techniques, as well as overall emerging cybersecurity risks and vulnerabilities, according to the joint advisory. Additionally, employees should know who to contact if they see suspicious activity or if they believe they have been the victim of a cyberattack.