Date: 2022-11-09
HHS, the Cybersecurity and Infrastructure Security Agency, and the FBI have urged healthcare organizations to take certain actions to protect their systems from hacker groups who have been known to create cyberespionage campaigns aimed at exfiltrating data from hospitals and health systems.
Below are some of the cybergroups posing a threat to healthcare organizations:
- Russian hackers known as the Karakurt gang have targeted at least four healthcare organizations in the last three months. The Karakurt gang emerged in late 2021 and likely has ties to the Conti ransomware group. The group steals data and threatens to auction it off on the dark web or release it to the public unless its demands are met. Most recently, the group targeted Methodist McKinney (Texas) Hospital and two Methodist surgery centers.
- Chinese state-sponsored hackers known as APT41 are a threat to the U.S. healthcare industry, according to HHS. APT41 conducted targeted campaigns on the healthcare sector in 2014, 2015, 2016, 2018, 2019 and 2020. The group uses tactics such as spear phishing, watering holes, supply chain attacks and backdoors to access victims' networks. Once inside victims' networks, the group gathers intelligence that can be used in future attacks and steals industry-specific information.
- Ransomware group Daixin Team has been known to target the healthcare and U.S. public health sector. The group has been active since June and uses ransomware operations to exfiltrate personally identifiable information and patient health information from its victims.
- Pioneer Kitten, UNC3890 and Magic Kitten are just a few of the Iranian cyber groups known to target the healthcare sector. These groups have been known to engage in website defacement, malware, theft of personally identifiable information, spear phishing and distributed denial-of-service attacks against their victims.