The FBI, Cybersecurity and Infrastructure Security Agency and Department of Health and Human Services today alerted U.S. organizations to a cybercrime group targeting the health care sector with ransomware and data extortion operations. The group has attacked multiple organizations since June, deploying ransomware to encrypt servers responsible for health care services, exfiltrating personal identifiable information and patient health information, and threatening to release the information if a ransom is not paid. The advisory includes indicators of compromise and recommended actions to protect against these attacks.
 
“This particularly urgent alert is directly relevant to ongoing ransomware threats currently targeting hospitals and health systems,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The report also contains actionable indicators of compromise, malware signatures that should be loaded into network defense and intrusion detection systems. If there is any indication of this ransomware being present on hospital or health system networks, it is recommended that immediate steps be taken to contain, isolate and remediate. It is also strongly recommended that local FBI and CISA field offices be contacted immediately.”

Related News Articles

Headline
The Department of Health and Human Services’ Advanced Research Projects Agency for Health (ARPA-H) recently awarded $50 million in funding for six research…
AHA Cyber Intel
I (John Riggi) recently moderated a webinar discussion as session three of the American Hospital Association’s Convening Leaders for Emergency and Response (…
Headline
The FBI this week advised organizations to protect against certain emerging ransomware trends, including multiple attacks on the same victim and new data…
Headline
Cyber actors linked to the People’s Republic of China are targeting router firmware in government and multinational organizations, which should review all…
Headline
The Food and Drug Administration Sept. 26 finalized guidance updating the cybersecurity information device makers should submit to its Center for Devices and…
Headline
The Health Information Sharing and Analysis Center (H-ISAC) Sept. 19 alerted the health sector to an emerging threat that targets senior executives through…