News of the recent worldwide cyberattack on the health sector in the UK has generated interest and inquiry in the US. The US Department of Health and Human Services (HHS) has taken the lead on collecting and disseminating useful information to healthcare constituencies since the discovery of this malicious attack on Friday. Although this iteration of the threat appears to be contained, ACHC encourages all healthcare providers to be vigilant in protecting against and reporting any cyber threats. Below is the update released by HHS.
We would like to flag for the community that a partner noted an exploitative social engineering activity whereby an individual called a hospital claiming to be from Microsoft and offering support if given access to their servers. It is likely that malicious actors will try and take advantage of the current situation in similar ways. Additionally, we received anecdotal notices of medical device ransomware infection.
How to request an unauthenticated scan of your public IP addresses from DHS
The US-CERT’s National Cybersecurity Assessment & Technical Services (NCATS) provides integrated threat intelligence and an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks. NCATS security services are available at no cost to stakeholders. For more information, please contact NCATS_INFO@hq.dhs.gov.
If you are the victim of ransomware or have cyber threat indicators to share, please contact law enforcement immediately.
For the most up-to-date information from the U.S government on cybersecurity issues, visit:
Other Resources: