FBI, CISA share guidance for those affected by the Kaseya VSA ransomware attack

Jul 06, 2021 - 12:56 PM
Cybersecurity Lock on Gold Wall

The FBI and Cybersecurity & Infrastructure Security Agency July 4 released guidance to respond to the recent supply-chain ransomware attack leveraging a vulnerability in Kaseya VSA software against multiple managed service providers and their customers. Among other actions, CISA and FBI strongly urge affected MSPs and their customers to download the Kaseya VSA detection tool, which analyzes a system and determines whether any indicators of compromise are present; enable and enforce multi-factor authentication on every single account that is under the control of the organization, and — to the maximum extent possible — enable and enforce MFA for customer-facing services; implement allowlisting to limit communication with remote monitoring and management capabilities to known IP address pairs. President Biden has directed the full resources of the government to investigate this incident.  
  
John Riggi, AHA's senior advisor for cybersecurity and risk, said, “This attack once again demonstrates that our cyber adversaries are conducting highly researched and strategic attacks targeting ubiquitous technology service providers that provide broad access to the initial targets and their customer base. It is incumbent upon all of us to implement and maintain risk-based vendor risk management programs, which identify mission critical business associates, their dependencies and any business associate, software or service that has elevated network access and privilege. Implementing the above controls is essential not only to mitigate the Kaseya risk, but also represents best practices to mitigate similar strategic third-party risk as we have seen in the recent SolarWinds, MS print spooler and Exchange compromises." 
 
For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org.
 

Related News Articles

Headline
NSA report includes recommendations for OT device security
The National Security Agency April 23 released a report on operational technology systems that includes recommendations for security policies and technical…
Chairperson's File
Chair File: Leadership Dialogue — Cybersecurity in Health Care with John Riggi, AHA’s National Advisor for Cybersecurity and Risk
Public
Cybersecurity and physical threats are unfortunately significant enterprise risks for health care, regardless of size or location. Every hospital, physician…
Headline
CISA releases guidance following reported legacy Oracle cloud breach
The Cybersecurity and Infrastructure Security Agency April 17 released guidance to reduce risks associated with a reported breach of Oracle cloud services.…
Headline
Agencies issue guidance on navigating deceptive online recruitment of current and former federal employees
The National Counterintelligence and Security Center, the FBI, and the Defense Counterintelligence and Security Center yesterday released guidance on…
AHA Cyber Intel
[Updated] 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025
While the rate of cyberattacks on hospitals has risen dramatically, the severity of the impacts has also grown exponentially. Let’s look at the state of cyber…
Headline
House subcommittee holds hearing on cybersecurity vulnerabilities in legacy medical devices
The House Energy and Commerce Oversight and Investigations Subcommittee April 1 discussed cybersecurity threats in legacy medical devices during a hearing. The…