- The HHS posted an alert this week warning healthcare organizations of an "exceptionally aggressive" ransomware group that is known to target the sector.
- The Hive group practices double extortion — demanding payment to free data it has encrypted while also threatening to release the unencrypted data publicly, often by selling it on "name and shame" dark web sites, according to the department.
- The HHS Office of Information Security said in an analyst note that healthcare organizations should try to protect themselves with continuous monitoring and an active vulnerability management program. The alert also suggested keeping backups of data in multiple locations and using two-factor authentication with strong passwords.
Hive first emerged in June of last year. By the third quarter of 2021, the group already was ranked as the fourth most active ransomware group by threat intelligence firm Intel 471. Group-IB Threat Intelligence analysts said in September that Hive had targeted more than 350 companies.
The group has multiple tactics, including phishing and compromising VPNs. It often then sends a ransom note telling users not to delete or modify files and warning that if they go to the authorities the encryption key will be erased, according to the analysis.
Hive's encryption method prevents security researchers from seeing the ransom note and monitoring negotiations, the HHS said. Its ransomware moves laterally through a system and seeks out backups, shadow copies and snapshots while targeting anti-virus software, according to the FBI.
Hospitals have struggled to roll out comprehensive cybersecurity programs for years. COVID-19 exacerbated the problem and breach reports to the HHS in the second half of 2020 climbed 36% over the prior six-month period.
Now, Russia's invasion of Ukraine is stirring fresh concerns. The American Hospital Association has warned providers to shore up their systems even as the pandemic continues to stretch resources.
Ransomware attacks can have severe consequences on systems. A September survey from the Ponemon Institute found that one in four providers said their organization noticed a rise in mortality rates following an attack.
They can also affect the bottom line. The cost to recover records rose 16% from 2019 to 2020, Fitch ratings said last year. Its report also noted that providers can be hit financially if they're locked out of their billing systems.