The FBI, CISA and Treasury have released a joint Cybersecurity Advisory. This report details a North Korean state-sponsored ransomware called Maui. Following a report from Maui ransomware victims, the FBI was able to identify this ransomware strain and recover $500 million.
Healthcare organizations are a target of North Korean state-sponsored ransomware. Maui ransomware has encrypted servers at Healthcare Facilities which house EHRs, imaging software and other services vital to providing health care. These attacks have disrupted services for prolonged periods of time. If you experience an attack of this nature, it will affect your ability to treat your patients. Some ransomware attacks have resulted in life-threatening situations
You can review the alert for indicators that your system has been compromised (https://www.cisa.gov/uscert/ncas/alerts/aa22-187a)
Victims of ransomware are asked to report to their local FBI field office or CISA. They are highly discouraged from paying ransoms. The ransom does not ensure the recovery of files and records. Paying ransoms can be a violation of federal laws if the money goes to a known terrorist state or organization. (See Sanctions Risks Advisory https://home.treasury.gov/system/files/126/ofac_ransomware_advisory.pdf).
The advisory listed recommendations to mitigate the risk in your office. They include:
- Maintain offline backups that are tested regularly that the data can be restored
- Ensure all backups are encrypted
- Install updates to operating systems, software and firmware as they are released
- Use Multi-Factor Authentication (MFA) wherever possible
- Train your staff how to recognize and respond to phishing attempts
- Have all incoming emails that originated from outside your network have a banner alerting that it is from an external source
Many of these recommendations have to do with email security. Check that off your list by attending TLD Systems’ free Cybersecurity Webinar Series on Email Security Wednesday, August 3 at 8 PM Eastern. You can sign up at this link.
These recommendations and more are included in the TLD Systems HIPAA Compliance Program. If you have questions or would like to schedule a demo, you can use this link to set up a call: https://calendly.com/tldsystems/hipaa.