This message was sent on Oct. 30 to all members of the UNMC/Nebraska Medicine community.
As we’ve shared previously, the FBI, Cybersecurity and Infrastructure Security Agency, and HHS are reporting a potentially imminent and coordinated ransomware assault against U.S. health care organizations. Ransomware prevents or limits users from accessing mission critical data, such as patient records, and holds them for monetary ransoms. These attacks may occur in the coming days or weeks, though the threat from ransomware is ongoing. The attackers are expected to use phishing emails as their primary means of delivering the ransomware. Below is how you can help diminish our risk.
Be aware of suspicious e-mails
Email is the most common way attackers gain access to their target — especially emails that:
- Contain downloadable attachments (including PDF or MS Word files)
- Contain URL links, particularly to docs.google.com (hover your mouse over links to see where the link goes)
- Appear to come from trusted sources such as vendors, contractors or other individuals with whom you normally do business
Over the coming days, attackers may send UNMC and Nebraska Medicine colleagues realistic phishing emails containing links to ransomware. Remain especially wary of email subject lines containing your name, UNMC and Nebraska Medicine, or emails requesting urgent or prompt responses. These e-mails also will have a tag at the top of the email body, indicating they were not sent by someone at UNMC or Nebraska Medicine.
Continue to be vigilant and mindful of the following:
- Do not use Global Protect unless absolutely necessary or limit your use, if possible
- Use the app store to access Nebraska Medicine or UNMC email, Teams or OneDrive and such vs. Global Protect
- If you must use Global Protect, it will time out after 16 minutes of inactivity or 2 hours of use — this is consistent with recommendations from EPIC and the FBI
- If and when connected to Global Protect, limit your use to work-related tasks — no Twitter, Facebook, personal email and such.
- Personal emails are being blocked. Do not attempt to access personal email on work devices
- A safe alternative to accessing personal emails on a work device is using an email app on your personal smart phone or tablet
- When you turn on your device for the next time, there will be an update. If you choose not to do it, the update will happen automatically.
Exercise caution, maintain vigilance and report any suspicious issues or activity to the IT Helpdesk at 402-559-7700.