Blog | Operations and Other Technology

FBI issues alert about ransomware threat affecting healthcare organizations

The Conti ransomware attacks have disrupted healthcare networks in the U.S. and abroad, according to the alert.

The FBI has issued an alert about a ransomware attack that has affected U.S. healthcare organizations and first responders, among more than 290 organizations in the U.S. and 400 worldwide targeted during the past year.

There have been at least 16 instances in which the Conti ransomware attack has hit healthcare networks. Organizations listed as being impacted include law enforcement agencies, emergency medical services, 9-1-1 dispatch centers and municipalities.

The American Hospital Association (AHA), which coordinated with the FBI to publish and release the alert, noted that the attacks have “resulted in regionally disruptive impacts to critical infrastructure, including hospitals and health systems in the United States and Ireland.”

“These ransomware attacks have delayed or disrupted the delivery of patient care and pose significant potential risks to patient safety and the communities that rely on hospitals’ availability,” the AHA stated.

More details about the attacks

The ransomware works in typical fashion, according to the FBI alert:

“Like most ransomware variants, Conti typically steals victims’ files and encrypts the servers and workstations in an effort to force a ransom payment from the victim. The ransom letter instructs victims to contact the actors through an online portal to complete the transaction. If the ransom is not paid, the stolen data is sold or published to a public site controlled by the Conti actors. Ransom amounts vary widely, and we assess are tailored to the victim. Recent ransom demands have been as high as $25 million.”

The alert also states, “Conti actors gain unauthorized access to victim networks through weaponized malicious email links, attachments or stolen Remote Desktop Protocol (RDP) credentials.” The perpetrators use remote-access tools that “most often beacon to domestic and international virtual private server (VPS) infrastructure over ports 80, 443, 8080 and 8443. Additionally, actors may use port 53 for persistence.”
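For defenders, the beaconing behavior quoted above can be used to triage outbound flow records: the following added example (not code from the FBI alert or from this article) reports internal hosts that contact the same external address on one of the named ports at near-constant intervals. The record layout, the thresholds, the RFC 1918 internal ranges and the sample addresses (documentation ranges) are assumptions made for illustration, and a hit is a lead for investigation rather than proof of compromise.

```python
import ipaddress
import statistics
from collections import defaultdict

# Ports named in the alert as quoted above.
WATCHED_PORTS = {53, 80, 443, 8080, 8443}
# Assumption: the organization's internal ranges are the RFC 1918 blocks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_beacons(flows, min_events=5, max_cv=0.1):
    """Return (src, dst, port, count, mean_interval) for regular outbound flows.

    A flow group is reported when an internal host contacts the same external
    address on a watched port at least min_events times and the spread of the
    gaps between connections (stdev / mean) is at most max_cv.
    """
    groups = defaultdict(list)
    for ts, src, dst, port in flows:
        if port in WATCHED_PORTS and is_internal(src) and not is_internal(dst):
            groups[(src, dst, port)].append(ts)
    hits = []
    for (src, dst, port), times in sorted(groups.items()):
        if len(times) < min_events:
            continue
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_cv:
            hits.append((src, dst, port, len(times), round(mean, 1)))
    return hits

# Constructed sample records: (epoch seconds, source, destination, dest port).
SAMPLE_FLOWS = (
    [(t, "10.1.4.22", "203.0.113.50", 8443) for t in (0, 301, 599, 900, 1202, 1500)]
    + [(t, "10.1.4.30", "198.51.100.7", 443) for t in (0, 12, 15, 400, 2000, 2010)]
    + [(t, "10.1.4.22", "10.1.0.5", 53) for t in (0, 60, 120, 180, 240)]
    + [(t, "10.1.7.9", "203.0.113.50", 53) for t in (0, 60, 120, 180, 240)]
)

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_FLOWS):
        print("regular outbound flow:", hit)
```

In the constructed sample, the irregular web traffic and the lookups to the internal resolver are ignored, while the five-minute flow on port 8443 and the one-minute port 53 flow to an external address are reported.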

Recommended mitigation steps

The FBI lists various preventive steps for organizations in response to the Conti attacks and other ransomware efforts:

  • Regularly back up data, and air-gap and password-protect backup copies offline.
  • Ensure copies of critical data are not accessible for modification or deletion from the system where the data resides.
  • Implement network segmentation.
  • Implement a recovery plan to maintain and retain multiple copies of sensitive or proprietary data and servers in a physically separate, segmented, secure location (i.e., hard drive, storage device, the cloud).
  • Install updates/patch operating systems, software and firmware as soon as they are released.
  • Use multifactor authentication where possible.
  • Use strong passwords and regularly change passwords to network systems and accounts, implementing the shortest acceptable time frame for password changes. Avoid reusing passwords for multiple accounts.
  • Disable unused remote access/RDP ports and monitor remote access/RDP logs.
  • Require administrator credentials to install software.
  • Audit user accounts with administrative privileges and configure access controls with least privilege in mind.
  • Install and regularly update anti-virus and anti-malware software on all hosts.
  • Only use secure networks and avoid using public Wi-Fi networks. Consider installing and using a VPN.
  • Consider adding an email banner to messages coming from outside your organization.
  • Disable hyperlinks in received emails.
  • Focus on cybersecurity awareness and training. Regularly provide users with training on information security principles and techniques as well as overall emerging cybersecurity risks and vulnerabilities (i.e., ransomware and phishing scams).

A broader security response is needed

The AHA states that “relying on victimized organizations to individually defend themselves against these attacks is not the solution to this national strategic threat,” especially given that most attacks originate from outside the U.S. and are beyond the reach of U.S. law enforcement.

What’s called for is a coordinated government campaign “that will use all diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations and seize their illegal proceeds, as was done so effectively during the global fight against terrorism.”

For more information, see the FBI alert.

About the Author

Nick Hut is a senior editor with HFMA, Westchester, Ill.
