The Department of Health and Human Services (HHS) Cybersecurity Program issued an alert in late April to healthcare providers warning them to guard against the "exceptionally aggressive" Hive ransomware group. The financially-motivated group has been very aggressive in targeting the U.S. health sector using many common ransomware tactics, including the exploit of remote desktop protocol, or virtual private networks (VPNs) and phishing attacks. Some victims have received phone calls from the ransomware group to pressure them to pay and conduct negotiations, according to HHS.
HHS recommends the following general efforts to help prevent ransomware attacks:
- Maintain offline, encrypted backups of data and regularly test your backups
- Create, maintain, and exercise a basic cyber incident response plan, resiliency plan, and associated communications plan
- Mitigate internet-facing vulnerabilities and misconfigurations
- Reduce the risk of phishing emails from reaching end users
- Practice good cyber hygiene
HHS also recommends the following specific mitigations/detections for Hive ransomware that you can share with your IT Administrator:
- Remove applications not deemed necessary for day-to-day operations
- Abnormal termination of the bmr, sql, oracle, postgres, redis, vss, backup, and sst services
- Abnormal termination of the mspub and msdesktop processes
- Log monitoring
Additional information from HHS regarding Hive ransomware and how to defend against it can be found here.
Cyber Liability Coverage and Additional Resources
LAMMICO includes a basic limit of MEDEFENSE® Plus/Cyber Liability coverage in most medical professional liability policies at no additional charge to the insured. We also offer the option to purchase higher limits of protection through our subsidiary agency, Elatas Risk Partners, subject to underwriting which will include questions that hone in on two factor authentication and backup processes and procedures. Please contact Carly Thames, Elatas Account Executive, at firstname.lastname@example.org or 225.906.2062 for information on purchasing higher limits of Cyber Liability insurance.
In partnership with our cyber risk experts, Tokio Marine HCC – Cyber & Professional Lines Group, LAMMICO offers our insureds complimentary access to TMHCC CyberNET®, the most advanced cyber risk management solutions inclusive of incident response plans, compliance and training materials as well as information addressing latest trends in data breaches and cybercrime, including those concerns surrounding COVID-19.