Threat Watch

Sky Lakes Medical Center Responding to Ransomware Incident

Sky Lakes Medical Center, a hospital in Oregon, made an announcement via Facebook Tuesday that it was the victim of a ransomware attack. Although the incident may have affected some services, Sky Lakes is still available for emergencies and urgent care. An update provided yesterday stated that the downtown and outpatient pharmacies were open, albeit with some limitations. Thankfully, no patient information is believed to be compromised at this point in the response.

Investigation into the attack is still ongoing and Sky Lakes has not yet announced which ransomware they have been infected by. Just one day after Sky Lakes' announcement, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released a joint alert on ransomware targeting the healthcare industry. The alert details activity by Trickbot and Ryuk and lists several best practices and mitigations for healthcare organizations to follow.

ANALYST NOTES

An extensive list of recommendations can be found at the bottom of the alert posted by CISA. These recommendations are from the Ransomware Guide created by CISA and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The following are just a few of the recommendations from the much larger guide. Consider reading the full guide and implementing as many of the recommendations as possible.

• Organizations should follow regular patching schedules
• Use multi-factor authentication where possible
• Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs
• Identify critical assets such as patient database servers, medical records, and telehealth and telework infrastructure; create backups of these systems and house the backups offline from the network
• Regularly back up data, air gap, and password protect backup copies offline
• Use the 3-2-1 rule as a guideline for backup practices. The rule states that three copies of all critical data are retained on at least two different types of media and at least one of them is stored offline
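
The 3-2-1 rule above can be checked mechanically against a backup inventory. The following is an added example, not taken from the CISA guide or the alert; the asset names, media labels, record layout and the choice to count every listed copy toward the three are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample inventory: one row per retained copy (asset, media type, offline?).
# Asset names and media labels are hypothetical; every row counts toward the 3 copies.
INVENTORY = [
    ("patient-db", "disk", False),
    ("patient-db", "disk", False),
    ("patient-db", "tape", True),
    ("medical-records", "disk", False),
    ("medical-records", "cloud", False),
    ("medical-records", "disk", False),
    ("telehealth-gw", "disk", False),
    ("telehealth-gw", "tape", True),
]

# Constructed list of critical assets; "telework-vpn" has no copies on record.
CRITICAL_ASSETS = ["patient-db", "medical-records", "telehealth-gw", "telework-vpn"]


def check_321(inventory, critical_assets):
    """Return {asset: [violations]} for each critical asset that fails 3-2-1."""
    copies = defaultdict(list)
    for asset, media, offline in inventory:
        copies[asset].append((media, offline))

    findings = {}
    for asset in critical_assets:
        rows = copies.get(asset, [])
        problems = []
        if len(rows) < 3:  # three copies of critical data
            problems.append(f"only {len(rows)} of 3 copies")
        media_types = {media for media, _ in rows}
        if len(media_types) < 2:  # at least two different types of media
            problems.append(f"only {len(media_types)} of 2 media types")
        if not any(offline for _, offline in rows):  # at least one stored offline
            problems.append("no offline copy")
        if problems:
            findings[asset] = problems
    return findings


if __name__ == "__main__":
    for asset, problems in check_321(INVENTORY, CRITICAL_ASSETS).items():
        print(f"{asset}: {'; '.join(problems)}")
```

Critical assets that are missing from the inventory entirely are reported as failing all three clauses, which surfaces systems that were identified as critical but never enrolled in backups.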

Source: https://www.facebook.com/SkyLakesMedicalCenter/posts/3533508560029776

https://www.skylakes.org/news/releases/sky-lakes-hit-by-ransomware-attack

https://us-cert.cisa.gov/ncas/alerts/aa20-302a

https://www.cisa.gov/publication/ransomware-guide