In 2024, Iranian hackers emerged as the most active cyber attackers targeting healthcare organizations, an Oct 22 report from Microsoft found.
Microsoft released its report titled "U.S. Healthcare at risk: Strengthening resiliency against ransomware attacks," which offers a detailed overview of the current cybersecurity challenges facing the healthcare sector.
The report highlights some of the most notorious ransomware groups driven by financial motives and actively targeting the healthcare sector. Among these groups are:
- Lace Tempest: This ransomware group focuses on healthcare systems, employing a Ransomware-as-a-Service model that enables affiliates to easily launch attacks.
- Sangria Tempest: Sangria Tempest is infamous for executing sophisticated ransomware attacks on healthcare organizations, using advanced encryption to lock critical data.
- Cadenza Tempest: Originally known for distributed denial-of-service (DDoS) attacks, Cadenza Tempest has shifted its focus toward ransomware, especially targeting healthcare systems in regions opposing Russian interests.
- Vanilla Tempest: Active since mid-2022, Vanilla Tempest is a financially motivated group that has increasingly targeted U.S. healthcare systems using ransomware from RaaS providers.