As I am sure you are all aware from the frequency of government alerts and media attention, ransomware incidents are continuing to increase and, just like COVID, have developed new "variants."
Criminal organizations backing these attacks have gone through mergers, restructuring and consolidation - just like any other growing industry. Ransomware is big business complete with business development, customer support, sales department, and, more concerning, talented development teams. Advance preparation and defense are imperative.
The Department of Health and Human Services, as part of its education initiative, offers frequent free webinars specifically focused on cybersecurity. One such webinar is offered on a bi-monthly basis through the Health Sector Cybersecurity Coordination Center (“HC3”) of HHS.
Today’s HHS/HC3 webinar drills down on Hive Ransomware.
The HIVE group is just one of those organizations which has emerged through apparent merger with other criminal organizations. According to the FBI alert, HIVE attackers not only take the information and threaten to "leak" it absent payment, but notify victims of the presence of their information taken from the victim company and the potential for public disclosure. This Ransomware variant has been associated with several healthcare attacks since June 2021. HC3’s site has more information regarding its prior briefings and educational information
The Cybersecurity & Infrastructure Security Agency (“CISA”) recently issued an alert related to the BlackWater ransomware group and included specific mitigation steps that are recommended. These include standard safeguards such as strong passwords, multi-factor authentication, network segmentation, patching/updating of systems, limiting access, strong backup and restoration processes, but also recommend: implementing detection signatures to identify and block the ransom note on the first encrypted location, use of admin disabling tools to protect systems after-hours as most attacks occur during non-business hours, and
Ongoing assessment of security safeguards and implementation of those needed to provide reasonable protection is a recommended part of a healthcare security risk management plan. If you have additional questions or would like to discuss how Waller can assist you with HIPAA and data privacy and security compliance, please contact Beth.Pitman@Wallerlaw.com.
Whether a current or prospective client, we are here to help your business thrive. Please send us a message and we will respond to your needs as soon as possible.Send us a message