HC3 bulletin provides overview of cyber threats to US healthcare and public health sector in Q4 2022

The Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health and Human Services (HHS) reported that several cyber threats targeting the healthcare and public health sector continued well into the fourth quarter of last year. The HC3 bulletin also highlights some of the alerts, briefs, and other guidance on vulnerabilities, threat groups, and technical data of interest to the health sector and public health community during the reporting period. 

“Ransomware attacks, data breaches, and often both together, continued to be prevalent attacks against the health sector. Ransomware operators continued to evolve their techniques and weapons for increasing extortion pressure and maximizing their payday,” the HC3 said in a ‘Healthcare Cybersecurity Bulletin’ released Wednesday. “Vulnerabilities in software and hardware platforms, some ubiquitous and some specific to healthcare, continued to keep the attack surface of healthcare organizations wide open. Managed service provider compromise continued to be a significant threat to the health sector, as did supply chain compromise,” it added. 

The HC3 bulletin covered a cybersecurity incident in which the Dutch National Police and responders tricked the DeadBolt ransomware gang into handing over decryption keys. The DeadBolt gang has aggressively attacked network-attached storage (NAS) devices, and the authorities were able to acquire 155 decryption keys before the group determined what had occurred.

“According to the Dutch authorities, Deadbolt has launched successful ransomware attacks against 20,000 NAS devices worldwide and 1,000 of those in the Netherlands,” the HC3 bulletin said.

The HC3 also covered the release in early November of a white paper by Senator Mark Warner, a Democrat from Virginia, soliciting input from the private sector and the research community on healthcare cybersecurity issues. “HIPAA was called out as a piece of legislation that needs to be modernized. The white paper requested feedback on NIST standards and their utility for the health sector as well as feedback on federal government collaboration and the effectiveness of the 405(d) program, on cyber hygiene, and feedback on the possible requirement that healthcare practitioners train on legacy systems in the event of a catastrophic event,” the bulletin added.

In response, the American Hospital Association (AHA) provided feedback on the cybersecurity policy proposals released in the Warner policy paper. The association responded on behalf of its nearly 5,000 member hospitals, health systems, and other healthcare organizations, clinician partners including over 270,000 affiliated physicians, 2 million nurses and other caregivers, and the 43,000 healthcare leaders who belong to professional membership groups.

The HC3 bulletin also noted that in late October, the White House hosted leaders from over 30 countries, as well as individuals from the private sector, to reinforce and double down on international efforts to combat ransomware and various other kinds of cybercrime. “Companies who were represented included Microsoft, Palo Alto, SAP, and Crowdstrike, and this year they’ve invited 13 countries from around the world. The first session was held at FBI headquarters and attended by Director Chris Wray, and there was a briefing by representatives from the FBI, ODNI, and CISA,” it added.

During the quarter, the HC3 bulletin said that a joint cybersecurity advisory (CSA) was released in October by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and HHS to provide information on the ‘Daixin Team,’ a cybercrime group that is actively targeting U.S. businesses, predominantly in the Healthcare and Public Health (HPH) Sector, with ransomware and data extortion operations. 

“The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022,” the HC3 bulletin said. “Since then, Daixin Team cybercrime actors have caused ransomware incidents at multiple HPH Sector organizations. This joint CSA provides TTPs and IOCs of Daixin actors obtained from FBI threat response activities and third-party reporting.”

The HC3 bulletin recapped that in October the agency released a sector alert on the OpenSSL software library, which is deployed across the health sector and was due to receive an important update on Nov. 1, 2022. “This sector alert notifies the HPH of this upgrade and describes the steps needed to identify applicable systems and appropriately upgrade them,” it added.

The agency also issued a brief in November providing an overview of the Iranian state-sponsored cyber threat landscape and how it applies to the HPH sector. 

The HC3 bulletin also recalled that the agency provided the sector with an overview of the Venus ransomware operators, who are known to target the U.S. health sector. This includes an overview of their operations as well as indicators of compromise and a MITRE ATT&CK mapping along with defense and mitigation recommendations. Another analyst note provided an overview of the Lorenz ransomware gang, which, in the short time it has been operating, has targeted the U.S. health sector. This includes an overview of their operations as well as indicators of compromise.

In December, the HC3 bulletin said, the agency provided an overview of the Royal ransomware gang, which, in the short time it has been operating, has targeted the U.S. health sector. This includes an overview of their operations as well as indicators of compromise. The agency also delivered an overview of the LockBit 3.0 ransomware variant and its operators, who have targeted the U.S. health sector.

It also detailed the BlackCat ransomware gang, which has targeted the U.S. health sector. This includes an overview of their operations, defense and mitigation recommendations, and indicators of compromise. The agency also released an overview of a Russian hacktivist gang that has targeted the U.S. health sector. This includes an overview of their operations, defense and mitigation recommendations, and indicators of compromise.

The U.S. administration confirmed last October that it is working towards securing cyberspace and strengthening American critical infrastructure. Anne Neuberger, deputy assistant to the president and deputy national security advisor for cyber and emerging threats, confirmed that the communications, water, and healthcare sectors are looking at new cybersecurity standards.

Neuberger pointed at the time to the “HHS coming out, beginning to work with partners at hospitals to put in place minimum cybersecurity guidelines and then further work upcoming thereafter on devices and broader health care as well.”
