HHS Warns About Hive Ransomware

The Health Sector Cybersecurity Coordination Center (HC3) warned the healthcare industry last week of the “exceptionally aggressive, financially-motivated” Hive ransomware group. The Department of Health and Human Services’ cybersecurity program recommends in its analyst note that healthcare organizations heighten their security practices.

Hive Ransomware Targeting Healthcare Organizations

One of several known global ransomware groups, Hive has aggressively targeted the US healthcare industry since at least June 2021. The group compromises organizations’ networks through common weaknesses such as unpatched servers and phishing emails. Once the cybercriminals have access, they encrypt the data and hold it for ransom while also attempting to disrupt and damage backup systems. The Hive group has also exfiltrated sensitive data and threatened to leak it publicly on the “dark web” as a form of double extortion. HHS notes that some Hive victims have even received phone calls hassling them to negotiate and pay.

Ransomware Victims on Dark Web

The group’s dark web data leak site suggests that only a small percentage of breached organizations, which range from small businesses to large companies, have opted not to pay the ransom. Hive ransomware targets not only Windows computers but also Linux machines and even VMware ESXi hypervisors for virtual computing. By threatening to release private records and information covered by HIPAA, the group makes it more painful to refuse payment. The risk of fines and civil liability for data breaches can lead to capitulation.

To safeguard against these and other cybersecurity threats, HC3 strongly recommends using two-factor authentication (2FA) coupled with strong passwords. It also highlights the 3-2-1 Rule of backing up critical data in three different locations, on at least two different forms of media, with one of them stored offline. Having a recent, intact backup from which to restore can minimize the impact of a ransomware attack. Continuous monitoring is also noted as critical. An IT Managed Service Provider like Microwize can take the burden of managing and monitoring these systems off your shoulders, letting you focus on healthcare.