Health and Human Services offers resources to deal with ransomware attacks
July 06, 2017
Washington — In the wake of the recent international WannaCry and Petya ransomware attacks, the U.S. Department of Health and Human Services announced June 29 that the federal government has resources to help those affected, especially those in health care.
The United States Computer Emergency Readiness Team has received multiple reports of Petya ransomware infections occurring in networks in many countries around the world at the end of June. Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it.
• The HHS Office of Civil Rights provides guidance materials including a cybersecurity checklist, ransomware guidance and cybersecurity awareness newsletters at hhs.gov/hipaa/for-professionals/security/guidance/cybersecurity/index.html.
• HHS recommends the following steps for those who believe they or their organization has been the victim of a ransomware attack:
- Contact the FBI Field Office Cyber Task Force (fbi.gov/contact-us/field/field-offices) or U.S. Secret Service Electronic Crimes Task Force (secretservice.gov/investigation/#field) to report a ransomware event and request assistance.
- Report cyberincidents to the United States Computer Emergency Readiness Team (us-cert.gov/ncas) and the FBI’s Internet Crime Complaint Center (ic3.gov).
• OCR recommendations to help mitigate the threat include:
- Educate users on common phishing tactics that entice users to open malicious attachments or to click links to malicious sites.
- Patch vulnerable systems with the latest Microsoft security patches: technet.microsoft.com/en-us/security/bulletins.aspx.
- Use a reputable anti-virus product whose definitions are up-to-date to regularly scan all devices in your environment in order to determine if any of them have malware on them that has not yet been identified. Many anti-virus products will automatically clean up infections or potential infections when they are identified.
- Verify perimeter security tools are blocking Tor .Onion sites. Tor aims to conceal its users' identities and their online activity from surveillance.
The Petya ransomware attack was first observed June 27. The attacked entities are primarily in the European Union. Multiple companies, including those in the financial, telecom, transportation, health care and energy fields, have reported that their operations have been affected.
Using unpatched and unsupported software increases the likelihood of successful attacks by various cybersecurity threats, including ransomware. Systems with internet access should have all available operating system and application software security fixes installed shortly after they are published. Systems using unsupported operating systems (such as Windows XP) must be upgraded to a supported operating system (such as Windows 7 or Windows 10), or replaced.
If a facility experiences a suspected cyberattack affecting medical devices, health care professionals should contact the Food and Drug Administration’s 24/7 emergency line at 1-866-300-4374.