Security News

U.S. healthcare organizations could be in the crosshairs of a new cyberthreat collective dubbed Royal. The warning from HHS's Health Sector Cybersecurity Coordination Center identified the relatively new group as perps behind several attacks first appearing in September 2022 against Healthcare and Public Healthcare targets.

The U.S. Department of Health and Human Services issued a new warning today for the country's healthcare organizations regarding ongoing attacks from a relatively new operation, the Royal ransomware gang. The Health Sector Cybersecurity Coordination Center -HHS' security team- revealed in a new analyst note published Wednesday that the ransomware group has been behind multiple attacks against U.S. healthcare orgs.

The rising adoption of connected medical devices is accelerating cyberattacks, according to Capterra's Medical IoT Survey of healthcare IT professionals. Medical practices with more than 70% of their devices connected are 24% more likely to experience a cyberattack than practices with 50% or fewer connected devices.

Confidential computing aims to protect data while it's in transit, in use and at rest, combating attackers who use memory scraping to infiltrate data in use. Confidential computing has several applications within the healthcare field.

As we look to expedite applying cybersecurity to protect the field of medicine and its evolving cyber-physical nature, patient safety should be our guiding star. Healthcare organizations already understand the priority; patient safety and the Hippocratic Oath guide the work of medical professionals.

The U.S. Department of Health and Human Services warned today that Venus ransomware attacks are also targeting the country's healthcare organizations. In an analyst note issued by the Health Sector Cybersecurity Coordination Center, HHS' security team also mentions that it knows about at least one incident where Venus ransomware was deployed on the networks of a U.S. healthcare org.

Netwrix announced additional findings for the healthcare sector from its global 2022 Cloud Security Report, revealing that 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals. "The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted the industry. With patient health being the main priority for these organizations, IT security resources are often too stretched and are focused on maintaining only the most necessary functions," comments Dirk Schrader, VP of Security Research at Netwrix.

Finally, Microsoft disclosed that Vice Society uses multiple ransomware families in attacks, including BlackCat, Quantum, Zeppelin, and a Vice Society-branded variant of Zeppelin ransomware. We also learned more information about new and existing ransomware attacks, such as an alleged 60 million LockBit ransomware demand on Pendragon, Hive claiming the attack on Tata Power, Medibank warning that the hackers accessed all customers' personal data, a ransomware attack on the Indianapolis Housing Agency, and Australian Clinical Labs disclosing that patient data was stolen.

The Dutch police have arrested a 19-year-old man in western Netherlands, suspected of breaching the systems of a healthcare software vendor in the country, and stealing tens of thousands of documents. These documents might contain sensitive personal and medical data of patients of healthcare providers using the company's systems.

Federal agencies are warning of a threat group called Daixin Team that is using ransomware and data extortion tactics to target US healthcare organizations. In a recent advisory, the Cybersecurity and Infrastructure Security Agency, FBI, and Department of Health and Human Services said the group has attacked multiple entities since at least June, deploying ransomware to encrypt data on servers used for a range of services, including electronic health records, diagnostic, imaging, and intranet services.