The UofL Health – IT Security Team has been monitoring recent events and alerts related to potential risks on our organization. Below is some additional information and measure. The IT Security Team will do an internal risk/vulnerability assessment and advise our newly formed IT Security Steering Committee on the risk landscape.
Current Situation & Risk
The FBI is investigating the recent targeting with ransomware of more than two dozen hospitals across the United States by a sophisticated eastern European group, with a new wave of attacks in Oregon, California and New York just this week. This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country.
What We Need From You
The threat actors primary method to infiltrate our systems is via phishing/spam emails. This targeting is primarily successful if users click on malicious links, download content or input credentials. PLEASE BE VIGILANT and review all emails that request “immediate” actions or ask for your “immediate” attention. Our users are our frontline of defense, so we appreciate the extra care, caution and attentiveness to this matter and are here to help.
What to look for:
- Emails from outside/suspicious sources – note unless it is work-related or seems suspicious please report or send to the IT Security team at phishing@uoflhealth.org or Usecure@uoflhealth.org.
- Emails requesting immediate action
- Spoofed email addresses like “HR or The CEO is requesting this immediately” – note all communications from UofL Health will be sent via our Marketing/HR teams
- UofL Health IT and other departments will NEVER ask you for your username and password (verbally or in an email) so do not share passwords.
For Questions
For any questions or concerns please reach out to the UofL Health IT Security team at Usecure@uoflhealth.org.
To report any suspicious emails please do not open or click the links and forward them to phishing@uoflhealth.org.