We recommend you take the following steps with any healthcare clients who are Corvus Smart Cyber policyholders in response to this significant threat.
Next steps for brokers with healthcare clients
- Your client may have already been contacted directly by the FBI. If this is the case, please reach out to email@example.com so we can help coordinate incident response vendors.
- If your client has not been contacted, and is unaware of the situation, please share with them the advisory as well as this list of Indicators of Compromise (IoCs) published by the security firm Mandiant. Your client’s IT department can use these to assess their current level of risk. If they find indicators of compromise, or have experienced a recent Trickbot infection that was remediated in-house without use of an expert vendor, reach out to firstname.lastname@example.org.
- If they do not find any indicators of compromise, we recommend they follow the steps within the federal advisory, and reach out to us with any questions.
For more context on this threat, we recommend this article from KrebsOnSecurity: FBI, DHS, HHS Warn of Imminent, Credible Ransomware Threat Against U.S. Hospitals