Urgent Bulletin: FBI Alert on Imminent Ransomware Attack on U.S. Hospitals

October 29, 2020 - ATLANTA, GA - Meditology Services has been advised of a credible and imminent ransomware attack on the U.S. healthcare system by an Eastern European criminal group. The FBI, HHS, DHS, CISA, and several other sources have advised that a coordinated attack on more than 400 healthcare entities is planned and may already be underway.

CISA reports, “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”[1]

The specific attack leverages ransomware known as “Ryuk,” which locks up a victim’s computer until payment is received. The attack also leverages a specific set of malware known as Trickbot. Meditology has received reports of healthcare entities battling new ransomware and malware attacks this week; however, these have not yet been formally tied back to the Ryuk and Trickbot attacks.

Charles Carmakal, senior vice president for Mandiant, told Reuters that the cybercriminal group UNC1878 is “one of the most brazen, heartless, and disruptive threat actors he’s observed over the course of his career”.[2] “We are experiencing the most significant cyber security threat we’ve ever seen in the United States”, said Carmakal.[3]

  1. Review the specific attack vectors and indicators of compromise listed in the resources section below to evaluate for potential infection by the Ryuk/Trickbot malware
  2. Maintain offline, encrypted backups of data and regularly test your backups
  3. Create, maintain, and exercise a basic cyber incident response plan and associated communications plan
  4. Accelerate any pending security patches
  5. Review incident response and business continuity plans this week to prepare for potential attacks
  6. Focus on awareness and training; advise the workforce of threats such as ransomware and phishing scams, how they are delivered, and whom to contact if they observe suspicious activity
  7. Know how to contact federal authorities when phones are down or communication systems become unavailable
  8. Continue to monitor the situation, and make adjustments and communicate within the organization as needed

Meditology will continue to monitor the situation and will post updates in the news and events portion of our website as this situation unfolds. Contact us if you have any questions or if we can help you with your preparation or response to these ransomware attacks.

Media Contact

Stephanie Attaway, Meditology Services
(732) 768-0593