HHS, the Cybersecurity and Infrastructure Security Agency, and the FBI have urged healthcare organizations to take certain actions to protect their systems from hacker groups that have been known to create cyberespionage campaigns aimed at stealing data from hospitals and health systems.
Below are some of the cybergroups posing a threat to healthcare organizations:
- CISA stated that North Korean state-sponsored ransomware groups are targeting South Korean and U.S. healthcare organizations with Maui and H0lyGh0st ransomware as a way to raise revenue for the North Korean government.
- The Health Sector Cybersecurity Coordination Center warned the healthcare sector about the Russian-backed hacktivist group KillNet, which is known for attacking and targeting the U.S. healthcare industry. The group recently claimed responsibility for a cyberattack that disrupted hospital and health system websites across the U.S.
- The Health Sector Cybersecurity Coordination Center warned the healthcare sector about the tactics and exploitation techniques used by Royal ransomware and BlackCat ransomware, two ransomware groups that have been aggressively targeting the U.S. healthcare sector. BlackCat ransomware was first detected in November 2021 and compromised at least 60 victims in just four months. Royal ransomware was first observed in 2022 and is a "relatively new, but highly capable" threat to the healthcare sector, according to the organization.
- HHS issued a warning about the Clop ransomware group, which has reportedly been infecting files that look like medical documents and subsequently requesting medical appointments in hopes of getting victims to open the malicious files. The group recently took responsibility for a mass hack of 130 organizations, including Franklin, Tenn.-based Community Health Systems.