Tech & Innovation in Healthcare

In a joint Cybersecurity Advisory (CSA), the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the U.S. Department of the Treasury offered information about North Korean state-sponsored cyberattacks since at least May 2021. The announcement stated that the state-sponsored attacks have been targeting healthcare and public health (HPH) sector organizations using Maui ransomware.

The Maui ransomware encrypted servers that are used to provide healthcare services. The encryption binary ransomware is designed for manual execution by a remote actor. When activated, the ransomware combines Advanced Encryption Standard (AES), RSA, and XOR encryption to lock up the target files.

Cases of the Maui ransomware include situations where the healthcare services were interrupted for an extended period of time.

CISA, FBI, and the Treasury are urging organizations in the HPH sector to review the joint CSA and implement the recommended mitigations to help reduce the risk of ransomware disrupting healthcare services. According to CISA’s alert, several of the recommended mitigations include:

• Use standard user accounts on internal systems rather than administrative accounts
• Disguise the permanent account number (PAN) when it’s displayed and make it unreadable when in storage to protect stored data
• Implement monitoring tools to observe the functionality of Internet of Things (IoT) devices

Since the North Korean state-sponsored actors believe healthcare organizations are willing to pay ransoms to avoid service interruptions, the FBI, CISA, and Treasury assess the threat actors will continue to target organizations in the HPH sector.

However, the FBI, CISA, and the Treasury “strongly discourage paying ransoms as doing so does not guarantee files and records will be recovered and may pose sanction risks.”