Urgent Bulletin: FBI Alert on Imminent Ransomware Attack on U.S. Hospitals

October 29, 2020 - ATLANTA, GA - CORL Technologies has been advised of a credible and imminent ransomware attack on the US healthcare system from an eastern European criminal group. The FBI, HHS, DHS, the CISA, and several other sources have advised that a coordinated attack on the healthcare system is planned for over 400 healthcare entities and may already be underway.

The CISA reports, “CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”[1]

The specific attack leverages a ransomware known as “Ryuk,” which locks up a victim’s computer until payment is received. The attack also leverages a specific set of malware known as Trickbot. CORL has received reports of healthcare entities battling new ransomware and malware attacks this week; however, these have not yet been formally tied back to the Ryuk and Trickbot attacks.

Charles Carmakal, senior vice president for Mandiant, told Reuters that this cybercriminal group UNC1878 is “one of the most brazen, heartless, and disruptive threat actors he’s observed over the course of his career”.[2] “We are experiencing the most significant cyber security threat we’ve ever seen in the United States”, said Carmakal.[3]

  1. Review the specific attack vectors and indicators of compromise listed in the resources section below to evaluate for potential infection of the Ryuk/Trickbot malware
  2. Monitor connections with third parties including VPNs and be prepared to sever links to infected vendors
  3. Maintain offline, encrypted backups of data and regularly test your backups
  4. Create, maintain, and exercise a basic cyber incident response plan and associated communications plan
  5. Accelerate any pending security patches
  6. Review incident response and business continuity plans this week to prepare for potential attacks
  7. Focus on awareness and training; advise the workforce of threats such as ransomware and phishing scams, how they are delivered, and whom to contact if they observe suspicious activity
  8. Know how to contact federal authorities when phones are down or communication systems become unavailable
  9. Continue to monitor the situation and make adjustments and communications internally to the organizations as needed

CORL will continue to monitor the situation and will advise of updates on our news and events portion of our website as this situation unfolds. Contact us if you have any questions or if we can help you with your preparation or response to these ransomware attacks.

Media Contact

Stephanie Attaway, CORL Technologies
(732) 768-0593

