Following a global communication last week about the need to stay vigilant in the face of rising large-scale and coordinated ransomware attacks targeting health care systems across the country, Texas Children’s continues to closely monitor this significant threat. To keep our team members further informed, below is a brief Q&A on what is taking place, how it could potentially impact Texas Children’s and what you can do to help.
What is ransomware?
Ransomware locks a computer system to prevent the owner or organization from accessing data until they pay a ransom. If a ransomware attack were to impact Texas Children’s, it could potentially have significant impacts across our digital systems, including PeopleSoft, EPIC, Microsoft Office (i.e., email, Teams, OneDrive, etc.), and more.
What do we know about this latest ransomware attack?
The U.S. Department of Homeland Security (DHS) has issued a warning about a significant, “imminent and credible” ransomware threat to hospitals and health care providers being perpetrated by cybercriminals based in Eastern Europe, including one called UNC 1878. The threat appears to involve a combination of phishing, Trickbot malware and Ryuk ransomware, which were recently deployed against dozens of health care organizations, including Universal Health Services.
What is being done nationwide at this time?
The Federal Bureau of Investigation (FBI) and DHS issued bulletins about this threat on October 29. The FBI and the DHS-Cybersecurity and Infrastructure Security Agency have also issued a Joint Cybersecurity Advisory report. To learn more, click here.
What is being done at Texas Children’s?
The federal government has recommended that hospitals and health care providers implement the necessary security measures as soon as possible, and Texas Children’s is working diligently to do just that. Additionally, given that our response may escalate quickly in the event of an attack, we have asked our senior leaders to review their business continuity plans with their teams to ensure we are prepared for any potential network disruptions. Although our Information Services (IS) team has worked diligently to keep Texas Children’s secure during these types of malicious attacks, every employee shares a responsibility to protect our digital environment.
What can you do to help?
Help protect Texas Children’s by heightening your awareness of external emails from unknown senders, and by carefully considering before clicking on website links and opening email attachments. In particular, pay close attention to any unusual email that engages you to click over to a file sharing site, such as Google Drive. Putting this vigilance into practice in the workplace could also help you avoid potential phishing scams and ransomware attacks sent to your own personal email.
What do I do if I receive a suspicious email?
While there are several ways ransomware can be transmitted across an organization, the most common is email, where an employee may be deceived into clicking a link or opening an attachment from a fraudulent account. If you receive a suspicious message, refrain from opening the email or any attachments, and do not click any links. Simply delete the message from your inbox and notify IS Security by emailing isservicedesk@texaschildrens.org.
If you have any questions about information security or phishing, please call the IS Service Desk at 832-824-3512.
How do I sign up for emergency alerts through Everbridge?
In the event that Texas Children’s is impacted by a ransomware attack, our IS team may be required to shut down all or parts of our network, including email. Should this happen, Everbridge emergency text messaging would serve as a primary means of communicating with our workforce.
If you are not currently receiving emergency text communications from Everbridge, please sign up for alerts by following the instructions below:
- For TCH employees: Add your mobile phone number to your profile in MOLI to begin receiving these messages. Upon logging in to MOLI, simply click on “Personal Information” and then “Phone Numbers.” From there, you will see an area to add your mobile phone.
- For BCM employees: To opt-in for emergency text messages, please click here and then log in with your username and password. From there, you will be prompted to submit a mobile phone number.