Alert – Kaseya VSA Compromise
This Alert is intended for healthcare Information Technology (IT) teams in regards to ensuring that the necessary patches to address known vulnerabilities have been applied in your environment.
Multiple media outlets, cybersecurity firms and law enforcement agencies around the world have issued alerts and advisories on the REvil Ransomware Supply Chain Attack as a result of the Kaseya VSA product compromise. While this is an evolving situation, it has been reported that as many as a million systems across the world have been affected. We have also learned that this situation may have affected a small number of Canadian healthcare organizations.
According to the experts, cyber criminals have been exploiting software vulnerabilities found in the Kaseya VSA product and deploying malware attacks such as the one seen in the REvil ransomware supply chain attack. Kaseya has released guidance and a tool to help organizations assess for malware infection and patch updates. Cybersecurity experts strongly recommend organizations check for updates, apply relevant patches as they become available, and check for possible malicious activities. We highly encourage our Subscribers to review the mitigation strategies provided by the Canadian Centre for Cyber Security.
The above information was gleaned from the sources listed below. We also strongly encourage our partners to subscribe to these advisories.
- Supply chain enabled ransomware activity affecting multiple managed service providers, Canadian Centre for Cyber Security, Government of Canada, July 5, 2021
- Cyber Security Advisory – [Revil ransomware supply chain attack], Cyber Security Centre of Excellence, July 6, 2021. This alert was sent to Ontario’s broader public sector organizations that have subscribed to cybersecurity alerts. If you belong to a broader public sector organization, sign up for future alerts.
- FBI Statement on Kaseya Ransomware Attack, FBI National Press Office, July 3, 2021
- Updates Regarding VSA Security Incident, Kaseya, July 6, 2021
In the event of a breach, Subscribers are asked to immediately notify the HIROC claims team to ensure we are able to assist you. For cyber breach claims inquiries, please send the details with contact information to firstname.lastname@example.org.
Additional questions about cyber security? Please contact Kopiha Nathan, HIROC's Privacy and Compliance Officer at email@example.com.