How should I respond to the federal advisory about ransomware for healthcare (October 2020)

We recommend you take the following steps with any healthcare clients who are Corvus Smart Cyber policyholders in response to this significant threat.

On October 28th, 2020 a group of federal agencies published a joint cybersecurity advisory (PDF) informing hospitals and healthcare providers of an imminent ransomware threat.

Next steps for brokers with healthcare clients

  • Your client may have already been contacted directly by the FBI. If this is the case, please reach out to cyberclaims@corvusinsurance.com so we can help coordinate incident response vendors. 
  • If your client has not been contacted, and is unaware of the situation, please share with them the advisory as well as this list of Indicators of Compromise (IoCs) published by the security firm Mandiant. Your client’s IT department can use these to assess their current level of risk. If they find indicators of compromise, or have experienced a recent Trickbot infection that was remediated in-house without use of an expert vendor, reach out to cyberclaims@corvusinsurance.com
  • If they do not find any indicators of compromise, we recommend they follow the steps within the federal advisory, and reach out to us with any questions.    

For more context on this threat, we recommend this article from KrebsOnSecurity: FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals