The FBI, the Department of Health and Human Services (HHS), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) warned Wednesday that cybercriminals were stepping up ransomware attacks on health sector groups as the organizations grappled with a new wave of COVID-19 cases. The virus was also involved in an attack on Pennsylvania-headquartered hospital chain Universal Health Services, with all 250 of its U.S. healthcare facilities negatively impacted by a ransomware attack earlier this month.
Network Best Practices
Patch operating systems, software, and firmware as soon as manufacturers release updates
Check configurations for every operating system version for Healthcare and Public Health Sector (HPH) organization-owned assets to prevent issues from arising that local users are unable to fix due to having local administration disabled
Regularly change passwords to network systems and accounts and avoid reusing passwords for different accounts
Use multi-factor authentication where possible
Disable unused remote access/Remote Desktop Protocol (RDP) ports and monitor remote access/RDP logs
Implement application and remote access allow listing to only allow systems to execute programs known and permitted by the established security policy
Audit user accounts with administrative privileges and configure access controls with least privilege in mind
Audit logs to ensure new accounts are legitimate
Scan for open or listening ports and mediate those that are not needed
Identify critical assets; create backups of these systems and house the backups offline from the network
Implement network segmentation
Sensitive data should not reside on the same server and network segment as the email environment
Set antivirus and anti-malware solutions to automatically update; conduct regular scans
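
The items on monitoring remote access/RDP logs, auditing accounts with administrative privileges, and auditing logs for new accounts can be combined into one log review. The following is an added example, not part of the advisory: it assumes Windows Security events exported as JSON lines, and the sample events, account names, approved-creator list and internal RDP subnet are constructed for illustration. Event IDs 4720, 4728, 4732 and 4624 (logon type 10) are the standard Windows identifiers for account creation, group membership additions and RDP logons.

```python
import ipaddress
import json

# Constructed sample: Windows Security events exported as JSON lines (not from the advisory).
SAMPLE_EVENTS = """\
{"EventID": 4720, "TimeCreated": "2024-01-10T02:14:09Z", "SubjectUserName": "helpdesk1", "TargetUserName": "svc_backup2"}
{"EventID": 4732, "TimeCreated": "2024-01-10T02:15:31Z", "SubjectUserName": "helpdesk1", "TargetUserName": "Administrators", "MemberName": "svc_backup2"}
{"EventID": 4624, "TimeCreated": "2024-01-10T02:20:47Z", "TargetUserName": "svc_backup2", "LogonType": 10, "IpAddress": "203.0.113.45"}
{"EventID": 4624, "TimeCreated": "2024-01-10T08:01:12Z", "TargetUserName": "jsmith", "LogonType": 10, "IpAddress": "10.20.0.15"}
{"EventID": 4624, "TimeCreated": "2024-01-10T08:03:00Z", "TargetUserName": "jsmith", "LogonType": 2, "IpAddress": "-"}
{"EventID": 4720, "TimeCreated": "2024-01-10T09:30:00Z", "SubjectUserName": "hr_provisioning", "TargetUserName": "nurse_alee"}
"""

# Assumed local policy: who may create accounts, which groups are privileged,
# and which internal network RDP sessions are expected to originate from.
APPROVED_CREATORS = {"hr_provisioning"}
PRIVILEGED_GROUPS = {"Administrators", "Domain Admins"}
RDP_SOURCE_NET = ipaddress.ip_network("10.20.0.0/16")


def rdp_source_ok(addr):
    """True only if addr parses as an IP inside the expected RDP source network."""
    try:
        return ipaddress.ip_address(addr) in RDP_SOURCE_NET
    except ValueError:  # missing or malformed address is treated as unexpected
        return False


def audit(lines):
    """Return (time, finding, account) tuples for events that need human review."""
    findings = []
    for line in filter(str.strip, lines.splitlines()):
        ev = json.loads(line)
        eid, when = ev.get("EventID"), ev.get("TimeCreated")
        if eid == 4720 and ev.get("SubjectUserName") not in APPROVED_CREATORS:
            # 4720: a user account was created
            findings.append((when, "account-created-by-unapproved-user", ev.get("TargetUserName")))
        elif eid in (4728, 4732) and ev.get("TargetUserName") in PRIVILEGED_GROUPS:
            # 4728/4732: member added to a global/local security group
            findings.append((when, "added-to-privileged-group", ev.get("MemberName")))
        elif eid == 4624 and ev.get("LogonType") == 10 and not rdp_source_ok(ev.get("IpAddress", "")):
            # 4624 with logon type 10: RemoteInteractive (RDP) logon
            findings.append((when, "rdp-logon-from-unexpected-source", ev.get("TargetUserName")))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EVENTS):
        print(*finding, sep="  ")
```

On the constructed sample, the three events involving svc_backup2 are flagged, while the approved provisioning event and the internal RDP and console logons are not.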