Ransomware Activity Targeting the Healthcare & Public Health Sector (October 30, 2020)
The Department of Health and Human Services (HHS), the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation (FBI) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS have updated Alert AA20-302A: Ransomware Activity Targeting the Healthcare and Public Health Sector to include the latest threat information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.
To report suspicious or criminal activity related to information found in this Joint Cybersecurity Advisory:
- Contact your local FBI field office at https://www.fbi.gov/contact-us/field-offices, or the FBI’s 24/7 Cyber Watch (CyWatch) at (855) 292-3937 or by e-mail at CyWatch@fbi.gov.
- Please include the following information regarding the incident: date, time, and location of the incident; type of activity; number of people affected; type of equipment used for the activity; the name of the submitting company or organization; and a designated point of contact.
- To request incident response resources or technical assistance related to these threats, contact CISA at Central@cisa.dhs.gov.
- If you think you had a problem with your medical device or a medical device your patient uses, the FDA encourages you to report the problem through the MedWatch Voluntary Reporting Form.
- For urgent matters, such as potential medical device impacts related to a cyber-attack affecting your hospital system, please contact CyberMed@fda.hhs.gov.
For more analysis and health care-specific indicator sharing, please browse to the HHS’ Healthcare Cybersecurity and Communications Integration Center.
Large scale cyber-attack (2017)
A major cyber-attack happened around the world on May 12, 2017 and included at least 150 countries.
Organizations that are victims of a ransomware attack should:
- Contact their FBI Field Office Cyber Task Force or US Secret Service Electronic Crimes Task Force right away to report a ransomware event and ask for help. These professionals work with state and local law enforcement and other federal and international partners to go after cyber criminals around the world and help victims of cyber-crime.
- Report cyber incidents to the US-CERT and the FBI’s Internet Crime Complaint Center.
If your health care facility experienced a suspected cyberattack that affected medical devices, contact the FDA’s 24/7 emergency line at 1-866-300-4374. You should group together reports about multiple devices in your system or facility. For more analysis and health care-specific indicator sharing, contact HHS’ Healthcare Cybersecurity and Communications Integration Center.