On October 28, the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) alerted the health care industry to an increased ransomware threat by criminals seeking to capitalize on the COVID-19 pandemic and U.S. elections.

These agencies recommend that providers and their office staff take the following precautions when using email:

1. Pay close attention to domain names, particularly those that seem suspicious, misleading, or misspelled.

2. Do not click on links or attachments from senders that they do not recognize and be especially wary of .zip or other compressed or executable file types.

3. Do not provide sensitive personal information (like usernames and passwords) over email.

4. Be especially cautious when opening attachments or clicking links if they receive an email containing a warning banner indicating that it originated from an external source.

These agencies do not recommend paying ransoms, as payment does not guarantee files will be recovered. If you or your group becomes a victim of ransomware, CISA recommends that you respond by using the Ransomware Response Checklist, which can be found in the CISA and MS-ISAC's Joint Ransomware Guide. The checklist contains steps for detecting and eradicating ransomware.

ADDITIONAL INFORMATION

Detailed information about ransomware and a copy of the full alert of October 28th can be found on the CISA website.