May 13, 2017 – HHS Update #2: International Cyber Threat to Healthcare Organizations

This information is marked TLP: White and is subject to standard copyright laws. TLP: White information may be distributed without restriction.

*Any reproduction or reposting of this content requires proper credit/attribution to NH-ISAC.

Where can I find the most up-to-date information from the U.S. government?

– For overall Cyber Situational Awareness visit the US-CERT National Cyber Awareness System webpage at: https://www.us-cert.gov/ncas

– NCCIC portal for those who have access: hsin.dhs.gov

– FBI FLASH: Indicators Associated With WannaCry Ransomware

https://content.govdelivery.com/attachments/USDHSCIKR/2017/05/13/file_attachments/816377/FLASH_WannaCry_FINAL.PDF

Where can I find the latest Microsoft Security Information?

Visit the Microsoft Update Catalog for the latest security updates – http://www.catalog.update.microsoft.com/Search.aspx?q=KB4012598

ASPR TRACIE: Healthcare Cybersecurity Best Practices

Our message from May 12, 2017, including information on how to protect against email-based and open RDP ransomware attacks, can be found on the TRACIE portal here – https://asprtracie.hhs.gov/documents/newsfiles/NEWS_05_13_2017_08_17_11.pdf

ASPR TRACIE (https://asprtracie.hhs.gov/) also has the best and promising healthcare cybersecurity practices available in our Technical Resources domain. Issue 2 of The Exchange (released in 2016 – https://asprtracie.hhs.gov/documents/newsletter/ASPR-TRACIE-Newsletter-The-Exchange-Issue-2.pdf) highlights lessons learned from a recent attack on a U.S. healthcare system and features articles that demonstrate how collaboration at all levels is helping healthcare facilities implement practical, tangible steps to prevent, respond to, and recover from cyberattacks. The video Cybersecurity and Healthcare Facilities (https://www.youtube.com/watch?v=sWTIIQZxAG4&feature=youtu.be&ab_channel=PHEgov) features subject matter experts describing last year’s attack on MedStar, steps we can take to prevent and mitigate attacks, and what the federal government is doing to address cybersecurity. The Cybersecurity and Information Sharing Topic Collections (https://asprtracie.hhs.gov/technical-resources/80/information-sharing-partners-and-employees/77) include annotated resources reviewed and approved by a variety of subject matter experts.

How to request an unauthenticated scan of your public IP addresses from DHS

The US-CERT’s National Cybersecurity Assessment & Technical Services (NCATS) provides integrated threat intelligence and an objective third-party perspective on the current cybersecurity posture of the stakeholder’s unclassified operational/business networks.

– NCATS focuses on increasing the general health and wellness of the cyber perimeter by broadly assessing for all known external vulnerabilities and configuration errors on a persistent basis, enabling proactive mitigation prior to exploitation by malicious third parties to reduce risk.

– Attributable data is not shared or disseminated outside of DHS or beyond the stakeholder; non-attributable data is used to enhance situational awareness.

– NCATS security services are available at no cost to stakeholders. For more information, please contact NCATS_INFO@hq.dhs.gov

If you are the victim of ransomware or have cyber threat indicators to share

If your organization is the victim of a ransomware attack, please contact law enforcement immediately.

– Contact your FBI Field Office Cyber Task Force immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.

– Report cyber incidents to the US-CERT and FBI’s Internet Crime Complaint Center.

– For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov