The Oct. 28 alert details the tactics, techniques and procedures used by cybercriminals against targets in the health care and public health sector to infect systems with ransomware for financial gain, as well as the practices the agencies encourage health care organizations to use to help manage the risk posed by ransomware and other cyber threats.
The agencies believe cybercriminals are targeting the sector with malware, often leading to ransomware attacks, data theft and the disruption of health care services, according to the alert.
"These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments," the alert states.
The agencies recommend that health care organizations implement both ransomware prevention and response measures immediately. The alert includes tips from CISA and the Multi-State Information Sharing and Analysis Center's joint Ransomware Guide, including maintaining offline, encrypted backups of data and regularly testing those backups; creating, maintaining and exercising a basic cyber incident response plan and associated communications plan that includes response and notification procedures for a ransomware incident; and planning for the possibility of critical information systems being inaccessible for an extended period of time.
The agencies do not recommend paying ransoms, as payment does not guarantee files will be recovered and could embolden attackers to target additional organizations or encourage others to engage in the distribution of ransomware and funding of illicit activities.
For additional resources, visit CISA's ransomware guidance and resources webpage, the FBI's ransomware webpage and the HHS Office for Civil Rights' Fact Sheet: Ransomware and HIPAA.