On October 28, officials from the FBI and the U.S. Department of Homeland Security alerted healthcare executives of an “imminent cybercrime threat to U.S. hospitals and healthcare providers.” The ransomware attacks could begin as soon as this weekend.
One security expert has claimed to have seen communications from cyber crime group Ryuk, in which members planned to attack as many as 400 U.S facilities. You can read more details at the Krebs on Security blog post.
Carriers are taking notice and issuing warnings as well, and for good reason. Ryuk ransomware is particularly harmful: According to a Covewave report, the average payment for Ryuk attacks in Q1 of 2020 was over $1M alone.
As always, good risk management can help to mitigate ransomware attacks by using layered security, employee training and segmented backups among other controls. As a policyholder of INSUREtrust, your clients have access to industry leaders via our exclusive partnership with Tracepoint, and well as several free pre-breach services through our ASSUREtrust CyberSecure program. The combination of Tracepoint and ASSUREtrust can help your clients work through improvements in their security posture.
Should your clients suffer an incident this weekend or anytime in the future, please be sure they know where to find the claim hotlines for their particular carrier. Also remember to always copy us on any claims report at firstname.lastname@example.org to ensure we can support the client and you in their time of need.
For more information about this particular threat, you can also read the Joint Cybersecurity Advisory from the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Department of Health and Human Services.