On January 12, 2023, the U.S. Department of Health & Human Services (HHS) published a warning to the healthcare sector about threats involving the cybercrime groups Royal and BlackCat. These groups are relatively new cyberattack groups known for hitting healthcare providers like hospitals and clinics.
Unfortunately, this is becoming a common warning from the HHS. On October 28, 2020, a joint cybersecurity advisory issued a warning of an imminent cyberthreat to hospitals. These warnings describe the tactics, techniques, and procedures used by cybercriminals against targets in the healthcare sector to infect systems with ransomware for financial gain.
These cybercriminal groups are ever-evolving and becoming more sophisticated daily by buying the same endpoint detection and response tools that cybersecurity uses to test their weaknesses, using blockchain smart contracts to expedite ransom payment, creating decentralized finance platforms, and gaining access through the third-party ecosystem. Cybercriminals have become increasingly ruthless, threatening denial-of-service attacks, releasing confidential information, and turning to reputation-damaging publicity to obtain ransom demands. Moving through 2023 and beyond, situational awareness will continue to be more and more critical. Organizations will need to stay one step ahead by considering the following:
- New threats and their tactics, techniques, procedures, and weapons
- Vulnerabilities and the means to correct them or mitigate exploitation
- Maintaining trusted defense measures
- Defending against distributed attacks and other new avenues of compromise
- New ways of thinking about defense
If you have any questions or need assistance, please reach out to a professional at FORVIS or submit the Contact Us form.