HHS issued an alert Feb. 7 saying the ransomware group LockBit is posing significant cyberthreats to the healthcare industry despite the group's claims it does not attack healthcare organizations.
HHS' alert comes three days after the FBI released a similar alert about LockBit 2.0, stating the group uses techniques such as purchased access, unpatched vulnerabilities, insider access and zero-day exploits.
HHS encouraged healthcare organizations to reduce their attack surface by utilizing the included indicators of compromise in their threat detection programs, using multifactor authentication and strong passwords, establishing a strong data backup program and potentially taking advantage of the Cybersecurity and Infrastructure Security Agency's cyber hygiene services.