The Cybersecurity and Infrastructure Security Agency (CISA), FBI, and Department of Health and Human Services (HHS) issued an advisory for US healthcare organizations Friday. Since June of this year, a ransomware group called Daixin Team has been using extortion tactics to steal and encrypt healthcare data. The ransomware group has successfully encrypted and exfiltrated electronic health records, medical imaging documents, and internal intranet data. The most sensitive stolen data is patient medical records and personally identifiable information (PII). The criminals have also used double extortion methods; threatening to release or sell patient data if the business does not pay the ransom.
The CISA highlighted two attack vectors associated with Daixin Team, both involving a VPN. The CISA report read, in part, “Daixin actors gain initial access to victims through virtual private network (VPN) servers. In one confirmed compromise, the actors likely exploited an unpatched vulnerability in the organization’s VPN server. In another confirmed compromise, the actors used previously compromised credentials to access a legacy VPN server that did not have multifactor authentication (MFA) enabled. The actors are believed to have acquired the VPN credentials through the use of a phishing email with a malicious attachment.”
The healthcare sector can be an easy target because of the number of small businesses operating in the industry that may not have the knowledge or investment in cybersecurity. Additionally, healthcare companies are high-profile targets because of the amount and private nature of the personally identifiable information they store. All of the vulnerabilities highlighted by the CISA are avoidable with a quality cybersecurity framework like our Q-Stack.
As of October, the FBI Crime Complaint Center (IC3) reported that the public healthcare sector is the top target for ransomware attacks at 25% of the complaints across 16 sectors. Unfortunately, industry professionals do not see the situation improving soon because of the diverse size and types of businesses in the healthcare workspace.
Quanexus IT Support Services for Dayton and Cincinnati
Request your free network assessment today. There is no hassle, or obligation.
If you would like more information, contact us here or call 937.885.7272.
Follow us on Facebook, Twitter and LinkedIn and stay up to date on by subscribing to our email list.
