The FBI and other federal authorities are warning healthcare organizations to safeguard against a ransomware group targeting the industry.
The Medusa ransomware-as-a-service variant has been used to hack more than 300 victims from a variety of industries, including healthcare, most commonly through phishing campaigns and unpatched software vulnerabilities, according to a March cybersecurity advisory from the FBI, Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing and Analysis Center.
Medusa threat actors employ a “double extortion” model, where they both encrypt victims’ data and threaten to publicly release stolen information if their demands aren’t met, per the notice. They typically send ransom notes within 48 hours of an attack, offering to extend the deadline to pay by $10,000 a day.
Healthcare organizations can protect against the threat by taking such steps as implementing a recovery plan, requiring multifactor authentication, and ensuring all operating systems, firmware and software are up to date, the agencies said.
