The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of the Treasury issued a joint advisory on Wednesday warning about North Korean state-sponsored cyber actors that are targeting the Healthcare and Public Health Sector.
According to the Cybersecurity Advisory, the FBI has observed and responded to multiple ransomware incidents linked to North Korean state-sponsored cyber actors since May last year. The hackers used Maui ransomware “to encrypt servers responsible for healthcare services—including electronic health records services, diagnostics services, imaging services, and intranet services.”
CISA’s Executive Assistant Director for Cybersecurity Eric Goldstein said North Korea’s “malicious activity” poses “a significant risk to organizations of all sizes.”
The agencies believe that the North Korean cyber actors likely targeted Healthcare and Public Health Sector organizations because they assume those groups will pay ransoms in order to continue providing “services that are critical to human life and health.”
As a result, the agencies agree that North Korean state-sponsored actors will likely continue targeting Healthcare and Public Health Sector organizations.
“The FBI, along with our federal partners, remains vigilant in the fight against North Korea’s malicious cyber threats to our healthcare sector,” said FBI Cyber Division Assistant Director Bryan Vorndran. “We are committed to sharing information and mitigation tactics with our private sector partners to assist them in shoring up their defenses and protecting their systems.”
In an effort to mitigate cyberattacks, the agencies recommend Healthcare and Public Health Sector organizations take the following steps:
- Limit access to data through authentication infrastructure and digital certificates.
- Use standard user accounts rather than administrative accounts on internal systems.
- Secure network devices with strong passwords and encryption when enabled.
- Only store personal patient data on internal systems that are protected by firewalls, and ensure extensive backups are available if data is ever compromised.
- Employ monitoring tools to determine if a system has been compromised.
The agencies also recommend organizations implement training programs and phishing exercises to “raise awareness among users about the risks of visiting suspicious websites, clicking on suspicious links, and opening suspicious attachments.”
“Ransomware victimizes people and businesses, large and small, across America. Treasury has worked closely with CISA and FBI to counter ransomware and protect financial sector critical infrastructure,” said Rahul Prabhakar, Treasury Deputy Assistant Secretary for Cybersecurity and Critical Infrastructure Protection. “This joint advisory on Maui ransomware provides guidance that organizations of all sizes across the country can use to help defend themselves. We will continue to work closely with our partners to push out actionable information on ransomware and other malicious activity as quickly as possible to help individuals and businesses guard against ever-evolving cyber threats.”