Federal Agencies Issue Alert Regarding Maui Ransomware

Foley Hoag LLP - Security, Privacy and the Law
Contact

Foley Hoag LLP - Security, Privacy and the Law

On July 7, 2022, three federal agencies – the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Department of the Treasury – issued a joint alert regarding Maui Ransomware, which has been linked to ransomware attacks on healthcare and public health entities carried out by North Korean state-sponsored cyber actors.

These are the key recommendations of the alert:

  • Since at least May 2021, the FBI has noted multiple ransomware incidents involving Maui ransomware in the healthcare and public health sector, targeting health records, diagnostics services, imaging services, and intranet services.
  • The agencies also encourage healthcare and public health entities to take steps to prepare for ransomware:
    • Maintain offline backups and regularly test those backups.
    • Create, maintain, and exercise cyber incident response plans and associated communications.
    • Secure personally identifiable information and personal health information at collection points and encrypt that data at rest and in transit, in accordance with requirements under HIPAA.
    • Monitor mobile devices and Internet of Things (“IoT”) or “smart” devices that are behaving erratically.
    • Create and regularly review internal policies regarding the collection, storage, access, and monitoring of personally identifiable information and personal health information.
    • Deploy public key infrastructure and digital certificates to authenticate connections with the network, IoT devices, and electronic health records systems.
  • Healthcare and public health entities are also encouraged to follow best practices for preventing ransomware:
    • Secure and monitor remote desktop protocol and similar services.
    • Implement user training around phishing and similar topics.
    • Utilize multi-factor authentication, particularly for remote access, webmail, VPNs, critical systems, and systems that manage backups.
    • Utilize strong passwords and avoid reusing passwords for multiple accounts.
    • Require administrator credentials to install software.
    • Audit user accounts with administrative or elevated privileges.
    • Install and regularly update antivirus and anti-malware software.
    • Avoid use of public wifi networks.
    • Utilize an email banner to note messages originating outside of the organization.
    • Disable hyperlinks in received emails.

The agencies discourage affected entities from paying ransoms associated with the Maui ransomware for two reasons: (1) doing so has not traditionally guaranteed recovery of affected data, and (2) pursuant to a September 2021 advisory from the Treasury Department, because of existing sanctions on North Korea, it is possible that paying ransoms may pose sanctions risks.  Foley Hoag has issued two prior alerts on the sanctions risks posed by ransomware payments.

The agencies do, however, encourage all affected entities to report ransomware incidents to Federal authorities in order to assist the agencies with tracking, and responding to, these incidents.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Foley Hoag LLP - Security, Privacy and the Law | Attorney Advertising

Written by:

Foley Hoag LLP - Security, Privacy and the Law
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Foley Hoag LLP - Security, Privacy and the Law on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide