The Department of Health and Human Services (HHS), the Cybersecurity and Infrastructure Security Agency (CISA), the FBI, and the Multi-State Information Sharing and Analysis Center issued a joint advisory warning health care organizations and other critical infrastructure entities about Black Basta ransomware attacks and encouraging them to implement mitigations. The advisory explains that Black Basta affiliates gain access to systems through methods such as phishing, then exfiltrate and encrypt data, giving victims 10 to 12 days to pay the ransom before the stolen data is posted publicly.
The agencies note that cybercriminals target health care organizations due to their size, technological dependence, access to personal health information, and the ability to cause disruptions to patient care. The agencies urge health care and public health sector and all critical infrastructure organizations to implement certain recommendations to mitigate risk, including:
- Install updates for operating systems, software, and firmware as soon as they are released.
- Require phishing-resistant multifactor authentication for as many services as possible.
- Implement the recommendations in Phishing Guidance: Stopping the Attack Cycle at Phase One, including training users to recognize and report phishing attempts.
- Secure remote access software by applying mitigations from the Guide to Securing Remote Access Software.
- Make backups of critical systems and device configurations to enable devices to be repaired and restored.
- Apply mitigations from the #StopRansomware Guide.
Victims of ransomware should report incidents to their local FBI field office or to CISA. HHS continues to encourage providers to implement the voluntary Healthcare and Public Health Cybersecurity Performance Goals.