Russia-based ransomware gang ALPHV/Blackcat, aka BlackCat, has made headlines due to its attack on Change Healthcare, but the group has been targeting healthcare for a while.
"This group in particular has been very aggressive targeting healthcare and has been responsible for numerous high-impact attacks," John Riggi, the American Hospital Association's national adviser for cybersecurity and risk, told Becker's.
BlackCat, which uses a ransomware-as-a-service model, is known as the "second most prolific ransomware-as-a-service variant in the world," according to the Justice Department.
The group has targeted the computer networks of more than 1,000 victims within the U.S. and worldwide and has been increasingly focusing on the healthcare industry.
According to a cybersecurity advisory published by the Cybersecurity and Infrastructure Security Agency, most of its 70 victims since December have come from the healthcare industry. And most recently, the FBI said the group's administrator encouraged affiliates to attack hospitals after the FBI infiltrated its operations in December.
News outlet Wired reported that even though the FBI thought they dismantled BlackCat, the group bounced back, launching a new dark web site which promised a higher rate of payment.
"Because we can't arrest the core operators that are in Russia or in areas that are uncooperative with law enforcement, we can't stop them," Allan Liska, a ransomware-focused researcher for cybersecurity firm Recorded Future, told the publication.
So far, BlackCat has claimed responsibility for a cyberattack on Allentown, Pa.-based Lehigh Valley Health Network and Change Healthcare.
Additionally, Rhysida ransomware group has emerged as another ransomware group that has been increasingly targeting the healthcare industry.
Most recently, Rhysida listed Chicago-based Lurie Children's on its extortion site on the dark web and is trying to offload the stolen data from the health system for 60 bitcoins, or just over $3.4 million.
HHS warned in August that Rhysida was targeting the healthcare industry. The group has also taken credit for hacks on Culver City, Calif.-based Prospect Medical Holdings and Ocean Springs, Miss.-based Singing River Health System.