HHS Creating Center for Improved Healthcare Cybersecurity
May 16, 2017 01:45 PM
With news of recent incidents of global ransomware on the rise, the U.S. Department of Health and Human Services (HHS) plans to create its own version of the National Cybersecurity and Communications Integration Center (NCCIC) in an effort to create stronger healthcare cybersecurity.
HHS Chief Information Security Officer Christopher Wlaschin recently explained that the Health Cybersecurity and Communications Integration Center (HCCIC) should reach initial operating capability around the end of June. HHS will provide grants to the National Health Information Sharing and Analysis Center (NH-ISAC) to encourage a broad participation in an effort to analyze privacy and security threats and then deliver best practices to providers. HCCIC will also be a collaborative partnership, and work with mobile app developers to ensure that patient data remains secure on numerous platforms.
The NCCIC is part of the Department of Homeland Security (DHS), and is described as “a 24x7 cyber situational awareness, incident response, and management center.” The NCCIC shares information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations regarding cybersecurity matters.
This renewed effort by the U.S. government to help businesses combat cyber threats comes as ransomware cyber-attacks started hitting hospitals, governments, schools and various companies in different parts of the world on Friday; initially recorded more than 45,000 attacks in almost 100 countries, including Russia, Britain, Germany, Taiwan and more. The WanaCrypt0r 2.0 is the name of the infected malware that's been attacking different computers with an email that requires the various organizations to pay ransom in Bitcoin currency.
The initial attack vector has been email, through spam. These messages are typically fake invoices, job offers and other lures which are sent to random email addresses. Within the email is a .zip file and once clicked, that initiates the WannaCry infection. The attack is then spreading on internal networks using a P2P exploitation of SMB (Server Message Block) known as EternalBlue. The files are being dropped by a worm which abuses SMB, a network file sharing protocol. The file extension used is .wncry, which drops a ransomware notification named: @Please_Read_Me@.txt in common file and folder locations.
If your organization is the victim of a ransomware attack, please contact law enforcement immediately.
Contact your FBI Field Office Cyber Task Force immediately to report a ransomware event and request assistance. These professionals work with state and local law enforcement and other federal and international partners to pursue cyber criminals globally and to assist victims of cyber-crime.
Report cyber incidents to the US-CERT and FBI's Internet Crime Complaint Center.
For further analysis and healthcare-specific indicator sharing, please also share these indicators with HHS’ Healthcare Cybersecurity and Communications Integration Center (HCCIC) at HCCIC_RM@hhs.gov
How to find the most up-to-date information from the U.S. government:
For overall Cyber Situational Awareness visit the US-CERT National Cyber Awareness System webpage at: https://www.us-cert.gov/ncas
NCCIC portal for those who have access: hsin.dhs.gov
FBI FLASH: Indicators Associated With WannaCry Ransomware
The National Association for Home Care & Hospice advises it members to take appropriate precautions to protect their computer systems since the ransomware exploits a vulnerability in outdated versions of Microsoft Windows that is particularly problematic for corporations and business that haven’t automatically update their systems.