The FBI, Cybersecurity & Infrastructure Security Agency, and Department of Health and Human Services yesterday recommended actions to reduce the risk of compromise from Hive ransomware, which has victimized over 1,300 health care and other organizations since last June.  
 
“This joint advisory on the notorious ransomware-as-a-service gang known as Hive provides updated and actionable technical indicators of compromise that should be loaded into network defensive systems,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “The Hive ransomware is currently and especially targeting health care organizations in the U.S. The hackers gain access to victim networks through a combination of phishing emails, unsecured remote access, and exploitation of unpatched known vulnerabilities. As part of the attack, the hackers attempt to locate and encrypt the backups and steal patient information, which they will also hold for ransom. This is another example of foreign-based, primarily Russian-speaking, hackers attacking U.S. health care. Without sustained offensive cyber operations by the U.S. government against these cyber gangs, defensive measures by the health care sector will have a limited effect in mitigating the public health and safety threat posed by their ongoing ransomware attacks.” 
 
For more on this or other cyber and risk issues, contact Riggi at jriggi@aha.org

Related News Articles

Headline
U.S. and international cybersecurity authorities released an advisory to help health care and other critical infrastructure organizations identify and…
Headline
An interagency task force chaired by the Cybersecurity and Infrastructure Security Agency and FBI yesterday released an updated guide offering best…
Headline
During a month-long ransomware attack on four hospitals in 2021, two neighboring hospital emergency departments experienced increased patient volumes, wait…
Headline
The FBI, Cybersecurity and Infrastructure Security Agency, and Australian Cyber Security Centre issued recommendations to help critical infrastructure…
Headline
Health sector organizations should immediately patch a vulnerability in Veeam software used to back up, replicate and restore data on virtual machines, the…
Headline
The Food and Drug Administration last week alerted health care providers and laboratory personnel to a cybersecurity vulnerability affecting the Universal Copy…