Sikich received credible intelligence Saturday, March 21, from the Wisconsin Cyber Threat Response Alliance (WICTRA) of ongoing healthcare system attacks against IT infrastructure in the United States that has been occurring over the course of the last week. While specific details about the nature of the attacks or the threat vectors being employed in these attacks are unavailable at this time, health care organizations are strongly advised to blacklist any traffic from a list of associated IP addresses. To receive the list, please email us at firstname.lastname@example.org. We will review email addresses before providing the list.
Organizations should also review log activity from the last week to determine if any traffic to their networks or externally facing applications has originated from these IPs. Should you identify any evidence of activity from these IPs, please provide it to WICTRA.
Should you have any questions on whitelisting/blacklisting IP addresses, these healthcare system attacks, or reviewing log activity, please don’t hesitate to contact our Cybersecurity team.