This week, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) have sent advisories regarding a cyber threat to hospitals and health care providers. The CISA, FBI, and HHS alert (https://us-cert.cisa.gov/ncas/alerts/aa20-302a) suggests there is credible information that a widespread ransomware attack using Ryuk, TrickBot, and other malware will take place this weekend. The threat actors are claiming that they are targeting 400 healthcare organizations. Experts suggest entities may already have the encryption malware on their systems, but the threat actors have not yet commanded it to activate.

Healthcare providers can prepare themselves by taking appropriate steps to protect their systems. The attached advisory from Ankura, a cyber insurance market breach response vendor, is an example of guidance for IT departments in preparation for a ransomware event. Preparation for such an event should always include identifying legal, forensics, and ransomware response vendors who can assist in responding and navigating the complicated choices over whether extortion amount should be paid and whether operations can continue.

Risk managers should be ready to contact their cyber insurance carriers and get pre-approved consent for breach response firms, if they have not already. These pre-approved breach response firms should be contacted to ensure they are readily available to respond should the need arise.

Need help? Contact Hays Companies’ Cyber and Claims Team.


This document is provided for general information purposes only and should not be considered legal or tax advice or legal or tax opinion on any specific facts or circumstances. Readers are urged to consult their legal counsel and tax advisor concerning any legal or tax questions that may arise.


Interested in learning more? Connect with us today: