HHS warns of risk of Hive ransomware to public health care sector
The health care sector and its trove of consumer health data are not immune to cyberattacks.
Cyberthreats have become an everyday issue that companies must guard against, implementing privacy and security measures to mitigate the risk of a breach. The list of threats continues to grow, with one of the latest ransomware groups setting its sights on health care.
A note put out by the Department of Health & Human Services’ (HHS) Health Sector Cybersecurity Coordination Center (HC3) says that “Hive,” an aggressive ransomware group, may target the health care and public health sector infrastructure and data operations. Hive has operated since last June and has targeted the health care sector before.
These health care-centric attacks should put employers and their benefits partners on notice, as employees’ personal health care information may be caught in the crossfire.
HHS is recommending several cybersecurity principles and practices to defend the sector from ransomware attacks, and it describes Hive's tactics, which defenders should watch for:
- They conduct double extortion (data theft prior to encryption) and support this with their data leak site, which is accessible on the dark web.
- They operate via the ransomware-as-a-service (RaaS) model: the core group focuses on development and operation of the ransomware, while partners/affiliates obtain initial access to the victim infrastructure. They leverage Golang, a language used by many cybercriminals to design their malware.
- They leverage common (but effective) infection vectors such as RDP and VPN compromise as well as phishing.
- Their encrypted files end with a .hive, .key.hive or .key extension.
- Some victims have received phone calls from Hive to pressure them to pay and conduct negotiations.
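As an added example (not code from the HC3 note or this article), the file extensions listed above can feed a simple triage check over endpoint file-write telemetry; the event format, host names and the bare-.key threshold are assumptions made for illustration:

```python
from collections import Counter, defaultdict

# File extensions the HC3 note attributes to files encrypted by Hive.
# Longest suffix first so ".key.hive" is not reported as ".hive".
HIVE_SUFFIXES = (".key.hive", ".hive", ".key")

# Constructed file-write events for illustration (host<TAB>path); not real telemetry.
SAMPLE_EVENTS = """\
ws-01\tC:\\Users\\alice\\Documents\\budget.xlsx.hive
ws-01\tC:\\Users\\alice\\Documents\\notes.docx.hive
ws-01\tC:\\Users\\alice\\Documents\\scans\\img01.jpg.hive
ws-01\tC:\\Users\\alice\\Documents\\scans\\img02.jpg.hive
ws-01\tC:\\Users\\alice\\AppData\\Local\\Temp\\abc.key.hive
ws-02\tC:\\Users\\bob\\report.pdf
ws-02\tC:\\Users\\bob\\.ssh\\server.key
srv-db\t/var/lib/app/uploads/form.pdf.hive
"""


def hive_suffix(path):
    """Return the matching Hive extension for a path (case-insensitive), or None."""
    lowered = path.lower()
    for suffix in HIVE_SUFFIXES:
        if lowered.endswith(suffix):
            return suffix
    return None


def flag_hosts(events, key_threshold=5):
    """Count Hive-style extensions per host; return hosts worth triaging.
    ".hive"/".key.hive" are high confidence on one hit; a bare ".key" is also a
    legitimate extension (SSH/TLS keys), so it needs key_threshold hits on one
    host (the threshold is an assumption, not a value from the HC3 note)."""
    per_host = defaultdict(Counter)
    for line in events.splitlines():
        host, path = line.split("\t", 1)
        suffix = hive_suffix(path)
        if suffix:
            per_host[host][suffix] += 1
    flagged = {}
    for host, counts in per_host.items():
        strong = counts[".hive"] + counts[".key.hive"]
        if strong > 0 or counts[".key"] >= key_threshold:
            flagged[host] = dict(counts)
    return flagged


if __name__ == "__main__":
    print(flag_hosts(SAMPLE_EVENTS))
```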
The HC3 note says when defending against Hive or any other ransomware variant, there are standard practices that should be followed. Prevention is always the optimal approach. This includes but is not limited to the following:
- Use two-factor authentication with strong passwords – this is especially applicable for remote access services such as RDP and VPNs.
- Sufficiently backing up data, especially the most critical, sensitive and operationally necessary data, is very important. According to HC3, “We recommend the 3-2-1 Rule for the most important data: Back this data up in three different locations, on at least two different forms of media, with one of them stored offline.”
- Continuous monitoring is critical and should be supported by a constant input of threat data.