Tech & Innovation in Healthcare

Reader Questions:

Beware Rhysida Ransomware, Warns HC3

Question: I haven’t read about as many ransomware attacks in the news in recent months. As a healthcare practice, should we keep training our staff to stay ahead of ransomware and other cybersecurity threats?

Idaho Subscriber

Answer: Yes, you should absolutely keep training and educating your staff about ransomware and other cybersecurity threats. Staying proactive about your practice’s cyber protection should be top of mind for everyone in your healthcare practice.

In fact, the Health Sector Cybersecurity Coordination Center (HC3) issued a sector alert on Aug. 4, 2023, warning about a new ransomware-as-a-service (RaaS) group known as Rhysida. The group was first observed on May 17, 2023, after its victim support chat portal, which is hosted on TOR (.onion), appeared.

According to HC3, Rhysida mainly attacks “education, government, manufacturing, and technology and managed service provider sectors; however, there have been recent attacks against the Healthcare and Public Health (HPH) sector.” The group has primarily attacked different industries in North and South America, Western Europe, and Australia.

Rhysida launches its ransomware attacks in several different ways, but the main methods include using phishing attacks to breach target networks and dropping payloads on compromised systems after first deploying the Cobalt Strike command-and-control framework. The ransomware is designed to encrypt certain files on a system, and the filename extension changes to “.rhysida” once the file is encrypted.

After encryption occurs, the ransomware places PDF ransom notes in the affected folders. The ransom notes threaten the victim with “public distribution of the exfiltrated data,” writes HC3. Rhysida instructs victims to contact the group through its TOR-based portal, and the group accepts ransom payments solely in Bitcoin. According to HC3, Rhysida has added at least eight victims to its dark web data leak site since June 2023, with five victims’ data being published.

The sector alert offers several security recommendations to protect your organization against Rhysida ransomware. Some of the proactive measures proposed by HC3 include:

  • Apply virtual patches for immediate protection against known vulnerabilities.
  • Educate your staff on how to recognize and avoid phishing attempts.
  • Segment your network to help limit the spread of ransomware if an attack occurs.
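
For IT staff, the two on-disk signs described above (the “.rhysida” extension and PDF notes dropped into affected folders) can be turned into a quick triage sweep of a file share. The script below is an added example, not code from HC3 or this publication; the sample file names, timestamps, and the five-minute tolerance are constructed assumptions.

```python
import os
import tempfile

ENCRYPTED_EXT = ".rhysida"  # extension the alert reports on encrypted files
SLACK_SECONDS = 300         # assumption: tolerance for timestamp jitter

def _mtime(folder, name):
    return os.path.getmtime(os.path.join(folder, name))

def triage(root):
    """Map each folder holding .rhysida files to its encrypted files and candidate PDF notes."""
    report = {}
    for folder, _dirs, files in os.walk(root):
        encrypted = sorted(f for f in files if f.lower().endswith(ENCRYPTED_EXT))
        if not encrypted:
            continue  # no renamed files here, so the folder is not reported
        # The earliest encrypted file approximates when encryption started in this folder.
        started = min(_mtime(folder, f) for f in encrypted)
        # A PDF written around or after that moment is a candidate ransom note;
        # PDFs that clearly predate it are more likely untouched user documents.
        notes = sorted(f for f in files if f.lower().endswith(".pdf")
                       and _mtime(folder, f) >= started - SLACK_SECONDS)
        report[os.path.relpath(folder, root)] = {
            "encrypted": encrypted, "candidate_notes": notes, "first_seen": started}
    return report

def make_sample_tree(root):
    """Constructed sample data: names and timestamps are invented for the demo."""
    layout = {
        "billing/invoice_0412.xlsx.rhysida": 1_700_000_000,
        "billing/claims.docx.rhysida": 1_700_000_050,
        "billing/README_sample_note.pdf": 1_700_000_060,  # written after encryption
        "billing/fee_schedule_2022.pdf": 1_600_000_000,   # old, untouched document
        "forms/intake_form.pdf": 1_650_000_000,           # clean folder
    }
    for rel, ts in layout.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(b"constructed sample")
        os.utime(path, (ts, ts))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for folder, info in triage(tmp).items():
            print(folder, len(info["encrypted"]), "encrypted; notes:", info["candidate_notes"])
```

The per-folder output shows which shares or network segments were reached, which helps scope containment and restoration.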