In an earlier post, Clint Eschberger explained that the Best Defense Against Ransomware is a Good Backup. So hopefully your backups are in order – multiple, off-site, and tested.
In addition to your internal processes for getting your organization back online, the HHS just issued the following guidance for reporting ransomware incidents and obtaining guidance.
If your organization is the victim of a ransomware attack, HHS recommends the following steps:
- Please contact your FBI Field Office Cyber Task Force (www.fbi.gov/contact-us/field/
field-offices) or US Secret Service Electronic Crimes Task Force (www.secretservice.gov/ investigation/#field) immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime. - Please report cyber incidents to the US-CERT (www.us-cert.gov/ncas) and FBI’s Internet Crime Complaint Center (www.ic3.gov).
- If your facility experiences a suspected cyber attack affecting medical devices, you may contact FDA’s 24/7 emergency line at 1-866-300-4374. Reports of impact on multiple devices should be aggregated on a system/facility level.
- For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC@hhs.gov