FBI Warns Healthcare Employers Of Ransomware Attacks: Remote Access Software Targeted

The FBI, U.S. Department of Health and Human Services, and the federal Cybersecurity and Infrastructure Security Agency (CISA) are warning the healthcare sector of a resurgence of BlackCat ransomware attacks.

In December of 2023, the administrator of the criminal group encouraged its affiliates to target hospitals. In response, the U.S. government announced financial rewards of up to $15M for information leading to the "identification of key members and affiliates of the e-crime group".

SC magazine reports the group breached "Optum's network by leveraging the recently disclosed critical security flaws in ConnectWise's ScreenConnect remote desktop and access software."

An attack surface management firm, Censys, said, as of February 27, 2024, "it observed no less than 3,400 exposed potentially vulnerable ScreenConnect hosts online, with a majority of them located in the U.S., Canada, the U.K., Australia, Germany, France, India, the Netherlands, Turkey, and Ireland." (Source: "FBI Warns U.S. Healthcare Sector of Targeted BlackCat Ransomware Attacks," https://thehackernews.com/2024/02/fbi-warns-us-healthcare-sector-of.html, Feb. 28, 2024.)

Commentary

Cybercriminals focus on healthcare organizations because healthcare organizations collect the personal identifiers of their patients. Personal identifiers, like social security numbers, driver license numbers, and healthcare-related information, are valuable on the cyber black market.

All healthcare organizations should consider the BlackCat resurgence as a forewarning of their own potential vulnerability, not only because multiple government agencies are warning healthcare organizations, but also because of the type of exploitation that was used.

Make sure all software is current, including any recent patches. Require frequent password changes, as well as the use of multi-factor identification.

Please note that the criminals exploited remote desktop and access software. Remote desktop and access software is often exploited to install malware, including ransomware and spyware. Organizations that use remote desktop and access software should continually monitor for reports of exploitation and patch the software when patches are provided.
