The Health Sector Cybersecurity Coordination Center (HC3) at the Department of Health and Human Services has issued a report warning about a greater threat of ransomware attacks against the health care sector than in the past due to new technology platforms.
In particular, the report highlights the threat posed by Royal and BlackCat ransomware. Royal is a global multi-threaded ransomware with different methods of deployment. Health care providers need to be prepared for what to expect in terms of phishing. Royal became active in the United States in early 2022 and it is believed to have highly experienced operators previously belonging to other infamous cybercriminal groups, including Conti Team One, according to the HC3 report.
Royal ransomware employs Google ads in a campaign to blend in with normal ad traffic, the report noted. This makes malicious downloads appear authentic by hosting fake installer files on legitimate-looking software download sites. The group also uses contact forms located on an organization’s website to distribute phishing links.
Royal appears to be a private group without any affiliates, maintaining financial motivation as the primary goal. Ransom demands have ranged from $250,000 to more than $2 million, according to the report.
BlackCat
First identified in November 2021, BlackCat is a relatively new but “highly-capable” ransomware threat, according to the report. It conducts triple extortion by releasing ransomware, threatening to leak stolen data, and then threatening to distribute denial of service attacks. The criminals claim they are not out to attack state medical institutions, ambulances, or hospitals.
Doctors need to train their office staff, said Nakia Grayson, MBA, MS, of the National Institute of Standards and Technology (NIST) at the National Cybersecurity Center of Excellence (NCCoE). “It’s important that patients are aware of policies and cyber risks. But it is also important for the patients to take responsibility.”
To prevent HIPAA privacy breaches, physicians should make sure their staff and patients know what malware is and how it can sneak into the office network. “They need to keep their patients educated as much as they can and have training quarterly throughout the year, but weekly send out a note on the top threats that are occurring,” Grayson said.
There has been a huge jump in remote and hybrid work due to the COVID-19 pandemic. Grayson said it is important to protect your devices against eavesdropping. This is a very common issue, and many health care employees working remotely may not even be aware of widespread eavesdropping from other devices in their home.
The opportunities for cybercriminals presented by remote working was discussed in the recently released BlackBerry Cybersecurity Global Threat Intelligence Report, provides actionable intelligence on targeted attacks, cybercrime-motivated threat actors, and campaigns targeting specific organizations. “With the post-pandemic rise of remote and hybrid work, the need to access internal networks from the outside has become widespread,” the report reads. “Attackers are taking advantage of new remote access possibilities by using information stealers (infostealers) to steal corporate credentials to sell them on the black market.”
Cybersecurity specialist Maximilian Etschmaier, PhD, MS, a senior research scholar at Florida State University in Tallahassee, said in every situation the nature of the threat needs to be examined for its potential danger. He said the problem is increasing daily. Dr Etschmaier said he would like to see a much more coordinated approach by the federal government.
“There is a lot of harm that can be done to society by cyberattacks,” he said. “The credibility of the internet is at stake. We need to take a more systematic approach. It is also a social problem because it affects all of society.”
This article originally appeared on Renal and Urology News