Healthcare Ransomware Attacks Predicted this Weekend

October 30, 2020

This week, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have sent advisories regarding a cyber threat to hospitals and health care providers. The CISA, FBI, and HHS alert (https://us-cert.cisa.gov/ncas/alerts/aa20-302a) suggests there is credible information that a widespread ransomware attack using Ryuk, TrickBot, and other malware will take place this weekend. The threat actors are claiming that they are targeting 400 healthcare organizations. Experts suggest entities may already have the encryption malware on their systems, but the threat actors have not yet commanded it to activate.

Healthcare providers can prepare themselves by taking appropriate steps to protect their systems. The attached advisory from Ankura, a cyber insurance market breach response vendor, is an example of guidance for IT departments in preparation for a ransomware event. Preparation for such an event should always include identifying legal, forensics, and ransomware response vendors who can assist in responding and navigating the complicated choices over whether extortion amount should be paid and whether operations can continue.

Risk managers should be ready to contact their cyber insurance carriers and get pre-approved consent for breach response firms, if they have not already. These pre-approved breach response firms should be contacted to ensure they are readily available to respond should the need arise.

The contact for Beecher Carlson’s CyberSelect clients is 800-463-8604 and e-mail at incidentresponse@polsinelli.com. For clients with Beazley’s cyber policies, contact information is (866) 567-8570 and bbr.claims@beazley.com. Contact information for other insurers will be found in their policies.  Please also feel free to reach out to your Beecher Carlson account representative with any questions.

Read more general recommendations and remediation steps here.