A recent cyberattack impacted the networks of seven hospitals in New York and Vermont. The attack was made public a day after the FBI and the Department of Health and Human Services (HHS), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a warning that health care services are becoming the primary target of ransomware attacks. The facilities impacted by the attack were affected differently, some were unable to perform scheduled elective surgeries. Hospitals have become a bigger target during the COVID-19 pandemic because their diminished ability to respond to such attacks. The FBI believes the criminals behind the attack utilized Ryuk malware. This ransomware is also believed to be responsible for an attack on Universal Health Services earlier this month.
CISA, FBI, and HHS do not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware. Organizations should focus on awareness and training. Employees need to be aware of ransomware attacks, what they may look like, and how they are delivered.