Skip to Main Content
Services Talent Knowledge
Site Search


Our attorneys stay on top of changes in legislation, agency regulations, case law, and industry trends—then craft timely legal alerts to keep clients up to date on legal developments important to their business.

October 29, 2020

Federal Authorities Issue Warning About Imminent Ransomware Threat to Health Care Sector

On October 28, 2020, the Cybersecurity and Infrastructure Security Agency (CISA), Federal Bureau of Investigation (FBI), and Department of Health and Human Services (HHS) jointly issued an advisory regarding an increase in ransomware attacks on the health care and public health sectors. The advisory can be found here.

The advisory notes that “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.” The advisory further notes that cyber criminals are targeting the health care sector with “Trickbot” malware, which often is connected to ransomware attacks, data theft, and the disruption of health care services. This increased threat level comes, of course, as the nation is seeing another uptick in COVID-19 cases and increased levels of stress on health care providers, in particular hospitals that have already been targeted in this new wave of attacks.

News sources report a number of cyberattacks have already been launched against hospitals, and at least three hospital systems (in New York, California, and Oregon) have confirmed they were targeted within the past several days. The criminals are believed to be based in Russia and, according to some sources, may be targeting up to 400 hospitals and other medical facilities. Other reports have also noted the criminals are demanding higher ransoms in this latest round of attacks.

The advisory contains a variety of technical details that could assist IT and IS professionals in identifying and guarding against potential vulnerabilities. The advisory also sets forth a number of practical steps to help guard against potential cyberattacks, including:

Network Best Practices

  • Patch operating systems, software, and firmware as soon as manufacturers release updates.
  • Check configurations for every operating system version for organization-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled.
  • Regularly change passwords to network systems and accounts, and avoid reusing passwords for different accounts.
  • Use multi-factor authentication where possible.
  • Disable unused remote access/Remote Desktop Protocol (RDP) ports, and monitor remote access/RDP logs.
  • Implement application and remote access to only allow systems to execute programs known and permitted by the established security policy.
  • Audit user accounts with administrative privileges, and configure access controls with least privilege in mind.
  • Audit logs to ensure new accounts are legitimate.
  • Scan for open or listening ports, and mediate those that are not needed.
  • Identify critical assets, such as patient database servers, medical records, and telehealth and telework infrastructure; create backups of these systems, and house the backups offline from the network.
  • Implement network segmentation. Sensitive data should not reside on the same server and network segment as the email environment.
  • Set antivirus and anti-malware solutions to automatically update; conduct regular scans.

Ransomware Best Practices

CISA, FBI, and HHS do not recommend paying ransoms. Payment does not guarantee files will be recovered. It may also embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and fund illicit activities. In addition to implementing the network best practices described above, the FBI, CISA, and HHS recommend the following:

  • Regularly back up data, air gap, and password protect backup copies offline.
  • Implement a recovery plan to maintain, and retain multiple copies of sensitive or proprietary data and servers in a physically separate, secure location.

User Awareness Best Practices

  • Focus on awareness and training. Because end users are targeted, make employees and stakeholders aware of the threats—such as ransomware and phishing scams—and how they are delivered. Additionally, provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities.
  • Ensure employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack. This will ensure the proper established mitigation strategy can be employed quickly and efficiently.

As we have reported in other alerts, cyber criminals have proved to be particularly aggressive during the pandemic due to the extra strain on both networks and the employees using and operating them. This latest round of attacks is purposefully coordinated in connection with the stresses created by world events. Although health care providers are already stretched extremely thin, it is important to take steps necessary to guard against these cyberattacks, which can cripple IT infrastructure and disrupt a provider’s ability to effectively and efficiently deliver care to its patients.

If you have any questions regarding the content of this alert, please contact Nick DiCesare, Cybersecurity Team co-leader, at, or another member of the team.


Click here to sign up for alerts, blog posts, and firm news.

Featured Media


CDPAP Providers Get First Look at the Future of CDPAP Without FIs


New York State Fiscal Year 2025 Budget: Implications for Employers Unpacked


Lab Providers Under Increased Scrutiny From Civil and Criminal Agencies for OTC COVID-19 Test Claims


NYS Appellate Court Dismisses Claim Based on Material Misrepresentations in Insurance Application


It's Not Over Yet. Turning Your Judgments Into Dollars.


Website Accessibility Lawsuits: Several "Tester" Plaintiffs—Danso, Martinez, Hedges, Thorne, Genwright, and Donet—Targeting Businesses in Recent Flurry of Lawsuits

We're Growing in DC!

We’re excited to announce Barclay Damon’s combination with Washington DC–based Shapiro, Lifschitz & Schram. SLS’s 10 lawyers, three paralegals, and four administrative staff will join Barclay Damon while maintaining their current office in DC’s central business district. Our clients will benefit from SLS’s corporate, real estate, finance, and construction litigation experience and national energy-industry profile, and their clients from our full range of services.

Read More

This site uses cookies to give you the best experience possible on our site and in some cases direct advertisements to you based upon your use of our site.

By clicking [I agree], you are agreeing to our use of cookies. For information on what cookies we use and how to manage our use of cookies, please visit our Privacy Statement.

I AgreeOpt-Out