ONC Health IT Issues Cyber Notice on Ransomware (Update #2)
DISCLAIMER: This product is provided “as is” for informational purposes only. The Department of Health and Human Services (HHS) does not provide warranties of any kind regarding any information contained within. HHS does not endorse any commercial product or service referenced in this product or otherwise. You may forward this message widely with no restrictions.
Dear HPH Sector Colleagues,
HHS continues to monitor on-going impacts to the HPH Sector from Petya/notPetya ransomware. At this time there is no new information to share about the threat vector. We are tracking the resolution of port closures, medical data software availability, and impacts to pharmaceutical companies and will report to you if we become aware of any long-term impacts to the HPH Sector.
HHHS/ASPR CIP will continue to monitor the situation but will no longer provide daily updates unless the situation warrants. We encourage you to connect with relevant trade associations, ISAO/ISACs, and government partners to discuss any long-term concerns related to this ransomware event.
Please review the information below. You may share this message freely with no restrictions. We will update you as more information becomes available.
Thank you -
HHS/ASPR Critical Infrastructure Protection Program
National Health Information Sharing and Analysis Center (NH-ISAC) in collaboration with ONC and ASPR disseminates cyber alerts and threat updates. To sign up to receive these alerts, go to https://nhisac.org/outreach/, on the left, you’ll see a box to enter your email information to subscribe.
To join the PHE mailing list please visit: https://www.phe.gov/Preparedness/planning/cip/Pages/mailinglist.aspx
If your organization is the victim of a ransomware attack, HHS recommends the following steps:
06/27/2017 12:56 PM EDT
Original release date: June 27, 2017 US-CERT has received multiple reports of Petya ransomware infections occurring in networks in many countries around the world. Ransomware is a type of malicious software that infects a computer and restricts users' access to the infected machine until a ransom is paid to unlock it. Individuals and organizations are discouraged from paying the ransom, as this does not guarantee that access will be restored. Using unpatched and unsupported software may increase the risk of proliferation of cybersecurity threats, such as ransomware.
Petya ransomware encrypts the master boot records of infected Windows computers, making affected machines unusable. Open-source reports indicate that the ransomware exploits vulnerabilities in Server Message Block (SMB). US-CERT encourages users and administrators to review the US-CERT article on the Microsoft SMBv1 Vulnerability and the Microsoft Security Bulletin MS17-010. For general advice on how to best protect against ransomware infections, review US-CERT Alert TA16-091A. Please report any ransomware incidents to the Internet Crime Complaint Center (IC3).
HITRUST has shared the following Threat Bulletin for distribution.