Agencies urge health sector to protect against ransomware threat 

Nov 18, 2022 - 02:01 PM
aha-medicaid-data-900x400

The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services yesterday recommended actions to reduce the risk of compromise from Hive ransomware, which has victimized over 1,300 health care and other organizations since last June.  
 
“This joint advisory on the notorious ransomware-as-a-service gang known as Hive provides updated and actionable technical indicators of compromise that should be loaded into network defensive systems,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The Hive ransomware is currently and especially targeting health care organizations in the U.S. The hackers gain access to victim networks through a combination of phishing emails, unsecured remote access, and exploitation of unpatched known vulnerabilities. As part of the attack, the hackers attempt to locate and encrypt the backups and steal patient information, which they will also hold for ransom. This is another example of foreign-based, primarily Russian-speaking, hackers attacking U.S. health care. Without sustained offensive cyber operations by the U.S. government against these cyber gangs, defensive measures by the health care sector will have a limited effect in mitigating the public health and safety threat posed by their ongoing ransomware attacks.” 
 
For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org

Related News Articles

Headline
FBI warns of cyber actors exploiting end-of-life routers
The FBI's Internet Crime Complaint Center released an alert May 7 warning of cyber actors exploiting vulnerabilities in end-of-life routers. Routers dated 2010…
Headline
FBI warns of malicious text, voice-messaging campaign impersonating senior U.S. officials
The FBI’s Internet Criminal Complaint Center May 15 released an alert warning of a malicious text and voice messaging campaign involving impersonators…
Headline
AHA blog — 3 Must-know Cyber and Risk Realities: What’s Ahead for Health Care in 2025 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, examines the state of cyber and physical threats in 2025 as…
Headline
Report: Health care had most reported cyberthreats in 2024 
Health care had more cyberthreats last year than any other critical infrastructure industry, according to the FBI's 2024 Internet Crime Report released April…
Headline
NSA report includes recommendations for OT device security
The National Security Agency April 23 released a report on operational technology systems that includes recommendations for security policies and technical…
Chairperson's File
Chair File: Leadership Dialogue — Cybersecurity in Health Care with John Riggi, AHA’s National Advisor for Cybersecurity and Risk
Public
Cybersecurity and physical threats are unfortunately significant enterprise risks for health care, regardless of size or location. Every hospital, physician…