Hospitals should be wary of these 5 cyberthreats

Cyberattacks on healthcare organizations remain frequent, as nearly 2 million health records were breached in the U.S. in January. Here are five cyberthreats hospitals should be wary of, according to recent federal advisories.

Log4j

On Dec. 10, the HHS Cybersecurity Program issued a letter warning of a Log4j vulnerability that puts healthcare providers across the country at risk of a cyberattack. Log4j is a highly utilized piece of open-source code, and hackers' exploitation of its vulnerability can lead to data exfiltration and ransomware.

In a threat brief issued Jan. 20, the HHS Health Sector Cybersecurity Coordination Center said "health sector adversaries are actively leveraging" Log4j vulnerabilities. The brief said state-sponsored hackers are believed to be taking advantage of the flaws, including actors from Russia, China, Iran, North Korea and Turkey.

On Feb. 3, the Department of Homeland Security established the Cyber Safety Review Board, an initiative designed to assemble government and industry leaders to strengthen the nation's cybersecurity. The board's initial focus will be Log4j vulnerabilities.

Russia-Ukraine conflict

On Jan. 18, the Cybersecurity and Infrastructure Security Agency issued a report reminding organizations that malware used in recent attacks against Ukrainian government websites has been deployed in the past to damage critical U.S. infrastructure. 

The Department of Homeland Security issued a similar warning Jan. 23, saying Russia may unleash a cyberattack against the U.S. as Russia's conflict with Ukraine intensifies. 

On Feb. 14, CISA issued a recommendation that all U.S. organizations should increase cybersecurity to shield against potential threats from Russia.

Mespinoza

On Jan. 6, HHS' Health Sector Cybersecurity Coordination Center issued a warning to hospitals that ransomware group Mespinoza is increasing its capabilities to target victims more frequently. PYSA, the ransomware variant the group developed, was considered one of the 10 most dangerous ransomware variants used to target the healthcare industry in 2020.

LockBit 2.0

On Feb. 4, the FBI issued an alert about ransomware group LockBit 2.0, stating the group uses techniques such as purchased access, unpatched vulnerabilities, insider access and zero-day exploits.

Three days later, HHS issued a similar alert, saying LockBit 2.0 is posing significant cyberthreats to the healthcare industry despite the group's claims it does not attack healthcare organizations. 

BlackByte

On Feb. 11, the FBI and Secret Service issued an advisory that warned of cyberattacks waged by BlackByte, a ransomware group that encrypts files on compromised Windows host systems. The advisory said BlackByte ransomware has targeted at least three critical infrastructure sectors in the U.S.: government facilities, financial services and food and agriculture.

Copyright © 2022 Becker's Healthcare. All Rights Reserved.