Late last night and again this morning, the Department of Health (DOH/the Department) announced that it is aware of three ransomware attacks occurring over the last two weeks that have impacted a healthcare system, hospitals, a local health department and its county-operated adult care facility.
Phishing email has been identified as the source of attack in at least one of these incidents and is suspected in the others. As health care is currently the most targeted sector for phishing attacks, DOH encourages providers to maintain awareness of increasing cyber security threats, including those that come in the form of phishing emails.
While phishing emails can be difficult to identify, awareness and vigilance on the part of all staff in examining emails can greatly reduce the risk that your organization will fall prey to such an attack.
Ongoing staff education is essential. The U.S. Department of Health and Human Services (HHS) has compiled excellent webinars, videos and posters that can assist you in building your staff’s awareness of this issue, available at https://www.phe.gov/Preparedness/planning/405d/Pages/default.aspx.
The following common indicators of phishing and general recommendations may help your staff to evaluate email messages before choosing how to proceed.
Common Indicators of phishing email may include the following:
• Email received from an unexpected source.
• Mismatched email sender name and email address.
• Suspicious attachments.
• Poor grammar or punctuation.
• Links that don’t look right or that show differently once the mouse is used to hover over the link.
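The following script is an added example and is not part of the DOH notice or the HHS material it references. It applies two of the indicators above, a sender display name that does not match the actual sender address and a link whose visible text differs from its real destination, to a constructed sample message; the hospital, relay and link domains in it are made up, and the "last two labels" domain comparison is a simplification (a production tool would consult the public suffix list).

```python
"""Heuristic checks for two phishing indicators: mismatched sender name/address
and links whose visible text points somewhere other than the href.
Added example; assumes nothing about the original notice beyond the indicators it lists."""
import email
import re
from email import policy
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample: display name smuggles a trusted-looking address,
# and the link text shows the hospital portal while the href goes elsewhere.
SAMPLE_EML = """\
From: "IT Helpdesk <helpdesk@example-hospital.org>" <alerts@mail-relay.example.net>
To: staff@example-hospital.org
Subject: Password expiry notice
Content-Type: text/html; charset=utf-8

<html><body><p>Your password expires today. Please reset it at
<a href="http://reset.example-bad.invalid/login">https://portal.example-hospital.org/reset</a></p></body></html>
"""

# Constructed benign message for comparison.
BENIGN_EML = """\
From: Records Office <records@example-hospital.org>
To: staff@example-hospital.org
Subject: Schedule
Content-Type: text/html; charset=utf-8

<html><body><p>See <a href="https://intranet.example-hospital.org/schedule">https://intranet.example-hospital.org/schedule</a></p></body></html>
"""

ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")


def registered_domain(host: str) -> str:
    """Crude approximation of the registrable domain: the last two labels."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host.lower()


def check_sender(from_header: str) -> list:
    """Flag a display name that embeds an address from a different domain than the real sender."""
    name, addr = parseaddr(from_header)
    actual = ADDR_RE.search(addr or "")
    embedded = ADDR_RE.search(name or "")
    if actual and embedded and registered_domain(embedded.group(1)) != registered_domain(actual.group(1)):
        return [("sender-mismatch", f"display name claims {embedded.group(0)} but address is {addr}")]
    return []


class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._current = [dict(attrs).get("href") or "", ""]

    def handle_data(self, data):
        if self._current is not None:
            self._current[1] += data

    def handle_endtag(self, tag):
        if tag == "a" and self._current is not None:
            self.links.append(tuple(self._current))
            self._current = None


def host_of(text: str) -> str:
    text = text.strip()
    if "://" not in text:
        text = "http://" + text
    return urlparse(text).hostname or ""


def check_links(html: str) -> list:
    """Flag anchors whose visible text is a URL on a different domain than the href."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        t = text.strip()
        if not re.match(r"^(https?://|www\.)", t, re.I):
            continue  # visible text is not a URL, so there is nothing to compare
        if registered_domain(host_of(t)) != registered_domain(host_of(href)):
            findings.append(("link-mismatch", f"text shows {t} but href is {href}"))
    return findings


def analyze_message(raw: str) -> list:
    """Run both checks over a raw RFC 5322 message and return (kind, detail) findings."""
    msg = email.message_from_string(raw, policy=policy.default)
    findings = check_sender(str(msg.get("From", "")))
    body = msg.get_body(preferencelist=("html", "plain"))
    if body is not None:
        findings += check_links(body.get_content())
    return findings


if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE_EML), ("benign", BENIGN_EML)):
        print(label, analyze_message(raw) or "no findings")
```

Neither check proves a message is malicious on its own; they are meant to surface the two indicators for a human reviewer, in the same spirit as the hover-over-the-link advice above. Running the script on the constructed sample reports both a sender mismatch and a link mismatch, and nothing for the benign message.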
General user recommendations:
• Refrain from accessing personal email (e.g., Gmail, Yahoo) and/or social media applications from the healthcare system.
• Be wary of unsolicited emails, even if the sender appears to be known.
• Use caution with email links and attachments that have not been authenticated with the sender.
• Avoid clicking directly on website links in emails; type the address into your browser.
• Keep browser and virus protection software at their most current versions.
• Educate yourself on how to protect yourself from phishing.
Ensure your staff is aware of your policies and procedures for dealing with emails they believe are potentially harmful. The attached HHS poster is a quick way to provide important reminders.
Additional information about these ransomware hazards was released by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and HHS. The advisory describes the tactics, techniques, and procedures (TTPs) used by cybercriminals against targets in the Healthcare and Public Health Sector (HPH) to infect systems with ransomware for financial gain and can be found here.