Imprivata Response to Ryuk and other Ransomware Attacks

On October 28, the FBI, Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory warning against ransomware activity targeting healthcare delivery organizations. These attacks—including Ryuk—have successfully infiltrated and disrupted health systems across the U.S.   

To help you prepare for these attacks and mitigate risk, Imprivata provides the following information.  

Risk to Imprivata Appliances is Low 

For Imprivata customers, the general risk from ransomware to Imprivata appliances is low. The appliances are locked down, with all non-essential services (SSH, etc.) shut off. There is no direct operating system access and no ability to log in directly to the command line or console of the appliance. Imprivata customers can access more details on the Imprivata Support and Learning Center.

Detecting and Mitigating the Risk 

Imprivata strategic partner Microsoft recommends using antivirus or antimalware software (such as Windows Defender, Microsoft Security Essentials, and Microsoft Safety Scanner) to detect and remove Ryuk and other ransomware threats.

More information is available in the Microsoft Security Intelligence recommended action.

Safeguarding Against Ransomware Attacks  

The FBI/HHS/CISA advisory provides network best practices to help minimize the risk of ransomware attacks. Imprivata can help you adopt and implement these best practices to help you bolster your cybersecurity defense with minimal disruption to your end-users.  

Specifically, Imprivata’s single sign-on and multifactor authentication solutions can help you minimize the risk of successful phishing attacks, which are commonly how ransomware is delivered and distributed.

Weak/stolen passwords are the root cause of many successful phishing attacks, serving as the keys to bypassing perimeter security. Passwords can be easily stolen through social engineering via phishing and other targeted attacks. Imprivata helps mitigate this threat by automating password entry and greatly reducing how often, if ever, employees need to manually enter their usernames and passwords. You can then instruct employees that if they are ever prompted for their password, something is likely wrong, and they can alert IT. Systems can also be configured so that employees cannot manually enter their password even if they wanted to, because they don’t know their password strings.

However, passwords are difficult to eradicate completely, even with an SSO solution. Remote network access, for example, typically requires a username and password to authenticate. This is a point of vulnerability, which can be addressed by using multifactor authentication. Imprivata can help you quickly scale your use of multifactor authentication across your organization to block unauthorized attempts to access your network with fraudulently obtained credentials. 

If you are interested in learning more about how Imprivata solutions can help minimize the risk of phishing and ransomware attacks, please contact your Imprivata account team.  

Additional Resources
Blog post
Microsoft Security Intelligence
Achieving cyber-resiliency in an evolving healthcare landscape
Four steps to combat phishing attacks
The art of cyber war: A modern defense strategy