Healthcare Targeted Ransomware
Federal agencies have issued an unprecedented warning against “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
The joint cybersecurity advisory comes from the Cybersecurity Infrastructure and Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS).
What should you do?
Experiencing an active cyberattack?
If your hospital or healthcare provider is currently under attack, Sophos Rapid Response can help immediately, whether you’re a Sophos customer or not.
Delivered by an expert team of incident responders, Sophos Rapid Response provides lightning-fast assistance, identifying and neutralizing active threats against organizations. Onboarding starts within hours, and most customers are triaged within 48 hours. Rapid Response is an industry-first, fixed-fee remote incident response service that identifies and neutralizes active cybersecurity attacks throughout its entire 45-day term of engagement.
Experiencing an active incident and are interested in the Rapid Response service?
Call your regional number below at any time to speak with one of our Incident Advisors.
USA: +1 4087461064
Australia: +61 272084454
Canada: +1 7785897255
France: +33 186539880
Germany: +49 61171186766
United Kingdom: +44 1235635329
Advice for existing Intercept X customers
If you’re an existing Sophos Intercept X customer, ensure that Intercept X is deployed and up to date on every endpoint you’d like to protect – including servers. And while Intercept X is designed to stop targeted ransomware and other advanced attacks, pay close attention to all Sophos Central alerts that surface, and be on the lookout for persistent adversaries who will continue to try and breach your organization. Intercept X Advanced with EDR customers should leverage its powerful threat hunting and investigation capabilities that allow you to ask detailed questions so you can hunt for active adversaries and respond to advanced threats across your entire estate.
Get help from human experts
These days ransomware can be the end of a very long attack cycle where attackers may have already been on systems searching for valuable data to steal. Security tools work best in combination with human expertise - leveraging your security analysts to hunt for suspicious indicators and prevent a potential issue. Not all organizations have these skilled resources, so if you need additional assistance from human experts, we’re here to help with our Sophos Managed Detection and Response (MDR) service. Sophos MDR provides 24/7 threat hunting, detection, and response capabilities delivered by an expert team as a fully-managed service. Going beyond simply notifying you of attacks or suspicious behaviors, the Sophos MDR team takes targeted actions on your behalf to neutralize even the most sophisticated and complex threats, including Ryuk and other ransomware families.
“Sophos Rapid Response takes immediate action to extinguish the fire, which in the case of a hospital that we helped this month after it was hit by Ryuk ransomware and forced to shut down, meant the difference between life or death.”
“Sophos is working 24 hours a day, so I don’t have to.”
“Having Sophos here is like having an additional security operations center (SOC) under our control because it’s doing so much of the work for us.”
“The good news is that Sophos never fails to protect us. It stops everything malicious and provides us with alerts, so we can respond quickly – and to me, that’s worth its weight in gold.”
“Sophos has set the bar for security. Its products integrate seamlessly to better service a company’s whole environment.”
Add Sophos ransomware protection
If you’re not currently a Sophos endpoint customer, you can leverage the advanced protection found in Intercept X free for 30 days, including Sophos’ leading anti-ransomware technologies. The free trial also features our endpoint detection and response (EDR) capabilities, designed to help maintain IT security operations hygiene and hunt down stealthy threats.
FBI “ransomware warning” for healthcare is a warning for everyone!
Get the Naked Security perspective on the FBI's healthcare ransomware warning.
Healthcare ransomware guide
This article outlines five critical steps that healthcare organizations can take to stop targeted ransomware attacks. Learn about maintaining IT hygiene, educating your users, minimizing lateral movement, and more.