Seaman’s Insurance Group just received an URGENT CYBER BULLETIN – IMMINENT RANSOMWARE THREAT THIS WEEKEND – We are here to help you with all of your insurance needs including Cyber Risk which includes Ransomware Threats.
Copy and pasted here is the notice provided by our friends at RPS:
Please share this information with your insureds in the healthcare sector immediately.
URGENT CYBER BULLETIN – IMMINENT RANSOMWARE THREAT
The Cybersecurity and Infrastructure Security Agency (CISA), the Department of Health and Human Services (HHS) and the FBI collectively issued a public cybersecurity advisory yesterday regarding an URGENT CYBER BULLETIN – IMMINENT RANSOMWARE THREAT attack against the healthcare and public health sector this weekend. Information suggesting plans by an Eastern European threat group’s intentions to launch a widespread Ryuk ransomware attack is deemed highly credible.
The advisory (found here) warns that:
- Malicious cyber actors are targeting the HPH Sector with Trickbot malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.
- These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments.
The advisory shares specific threat details, indicators of compromise and mitigation strategies. Ransomware best practices included in the advisory include:
- Regularly back up data, air gap, and password protect backup copies offline.
- Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.
As always, if your insureds have purchased a cyber insurance policy, it is critical that they contact the breach reporting hotline provided with their policy immediately upon suspecting malicious activity, or, are faced with a network disruption or ransomware attack. These policies are designed to provide the incident response and legal resources your insured will need to navigate these incidents, comply with regulatory guidelines, and return to operational normalcy as quickly as possible. Not doing so could not only expose insureds to uninsurable loss, but could significantly hinder their ability to recover from attacks of this nature as they try to source help on their own.
To download a pdf of this advisory, click here.