Tech & Innovation in Healthcare

Question: I keep seeing warnings of foreign threat actors attempting to attack the U.S. cyber infrastructure. Should our healthcare organization be concerned about a possible attack on our network?

Idaho Subscriber

Answer: Any cybersecurity threat should be considered credible, regardless of the industry. This reasoning is why it’s important to educate and train your employees, so they remain proactive about protecting your healthcare organization’s network.

On April 19, 2022, the FBI released a FLASH Report that details the indicators of a BlackCat/ALPHV ransomware attack. During the attack, the ransomware “leverages previously compromised user credentials to gain initial access to the victim system.” BlackCat/ALPHV is designed to steal data before the ransomware attack is executed — and the threat is even capable of accessing data from cloud providers, as well.

According to the FBI report, BlackCat/ALPHV ransomware as a service (RaaS) had compromised at least 60 entities around the world, as of March 2022. The ransomware group is also the first to successfully compromise entities using RUST, which is “considered to be a more secure programming language that offers improved performance and reliable concurrent processing.”

While the FBI report mentions BlackCat-affiliated threat actors usually request ransom payments in the millions of dollars, their report states “The FBI does not encourage paying ransoms,” since paying the threat actors doesn’t necessarily guarantee your organization’s files will be recovered.

The FBI also offers several tips on protecting your organization’s network, including:

• Using multifactor authentication (MFA) where possible
• Regularly changing passwords to user accounts and network systems, and avoiding reusing passwords for different accounts
• Installing and regularly updating antivirus and antimalware software
• Requiring administrator credentials to install software
• Using secure networks only and avoid using public wi-fi networks