- Home
- Advocacy
- Latest News and Practice Data
- New Joint Cybersecurity Advisory Encourages Health Care Organizations to Take Action to Mitigate Threat of Ransomware
The Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS) released an update to a joint cybersecurity advisory #StopRansomware: ALPHV Blackcat on February 27 because of recent ransomware attacks primarily targeting the health care sector. Specifically, Change Healthcare, a subsidiary of UnitedHealth Group (UHG), experienced a ransomware attack originating from APHV/BlackCat. According to the Department of Justice, ALPHV/Blackcat has emerged as the second most prolific ransomware-as-a-service variant in the world based on the hundreds of millions of dollars in ransoms paid by victims around the world. UHG has indicated they have taken appropriate action to contain the incident so that customers and partners do not need to sever network connections and disrupt vital services. Read the Advisory
Actions to take today to mitigate against the threat of ransomware:
- Routinely take inventory of assets and data to identify authorized and unauthorized devices and software.
- Prioritize remediation of known exploited vulnerabilities.
- Enable and enforce multifactor authentication with strong passwords.
- Close unused ports and remove applications not deemed necessary for day-to-day operations.
Resources:
- Stopransomware.gov is a whole-of-government approach that gives one central location for ransomware resources and alerts.
- Resource to reduce the risk of a ransomware attack: #StopRansomware Guide.
- No-cost cyber hygiene services: Cyber Hygiene Services and Ransomware Readiness
- Assessment.
- Health and Human Services HPH Cybersecurity Gateway hosts the HPH CPGs and links to HHS cybersecurity resources.
- American Medical Association (AMA) webpage on Change Healthcare cybersecurity incident
Please make sure this information is seen and acted upon by the appropriate members of your organization, such as the IT department.