State-Sponsored Threat Actors Use Ransomware to Attack U.S. Public Health Sector

Oct 06

The future of healthcare and private health is in jeopardy. 

According to a July 6, 2022, alert from the Cybersecurity and Infrastructure Security Agency (CISA), FBI, and Department of the Treasury, North Korea-sponsored threat actors have been targeting the U.S. healthcare and public health sector for over a year. 

In the official statement, the FBI warns that it has detected a strain of ransomware, aptly titled “Maui”, that has been attacking public health organizations since as far back as May 2021. North Korean state-sponsored threat actors deployed the Maui ransomware to hijack and encrypt servers storing sensitive healthcare data. This includes patient medical records, imaging services, and diagnostics, which stay unreachable unless the hospital pays a fee. The malicious cyber-attack was unfortunately successful in disrupting many healthcare services for a substantial amount of time.

But what does this mean for the future of the healthcare industry? 

In light of these attacks, federal agencies are currently urging those in healthcare to fully re-examine their current cybersecurity standing. This includes revisiting their infrastructure, cyber etiquette, and employee training. CISA also recommends investing in robust antivirus software, reporting phishing attempts, and enforcing multifactor authentication (MFA) for all sign-ins.

In addition, they recommend that healthcare organizations:

  • “Limit access to data by deploying public key infrastructure and digital certificates to authenticate connections with the network, Internet of Things (IoT) medical devices, and the electronic health record system, as well as to ensure data packages are not manipulated while in transit from man-in-the-middle attacks”.  
  • Use standard user accounts on internal systems instead of administrative accounts, which allow for overarching administrative system privileges and do not ensure least privilege.   
  • Turn off network device management interfaces such as Telnet, SSH, Winbox, and HTTP for wide area networks (WANs) and secure with strong passwords and encryption when enabled.  
  • Secure personal identifiable information (PII)/patient health information (PHI) at collection points and encrypt the data at rest and in transit by using technologies such as Transport Layer Security (TLS). Only store personal patient data on internal systems that are protected by firewalls, and ensure extensive backups are available if data is ever compromised.
  • Protect stored data by masking the permanent account number (PAN) when it is displayed and rendering it unreadable when it is stored—through cryptography, for example.  
  • Secure the collection, storage, and processing practices for PII and PHI, per regulations such as the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Implementing HIPAA security measures can prevent the introduction of malware on the system.  
  • Implement and enforce multi-layer network segmentation with the most critical communications and data resting on the most secure and reliable layer.  
  • Use monitoring tools to observe whether IoT devices are behaving erratically due to a compromise.  
  • Create and regularly review internal policies that regulate the collection, storage, access, and monitoring of PII/PHI. 
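
The management-interface recommendation above can be checked against a device's listener table. The following is an added example, not part of the CISA alert or the original post; it assumes the listing comes from a network device, that the services run on their default ports (Telnet 23, SSH 22, Winbox 8291, HTTP 80), and that the internal ranges and sample lines shown are constructed for illustration.

```python
import ipaddress

# Default ports of the management interfaces the recommendation names.
MGMT_PORTS = {23: "Telnet", 22: "SSH", 8291: "Winbox", 80: "HTTP"}
CLEARTEXT = {"Telnet", "HTTP"}  # these carry credentials unencrypted
# Assumption: ranges this site treats as internal management networks.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "192.168.0.0/16", "127.0.0.0/8")]
EXPOSED = "bound to a WAN-reachable address: turn off or rebind"
UNENCRYPTED = "internal only, but unencrypted: replace or tunnel"

# Constructed sample in the layout `ss -tln` prints (not real device output).
SAMPLE = """\
LISTEN 0 128 0.0.0.0:23 0.0.0.0:*
LISTEN 0 128 10.20.0.1:22 0.0.0.0:*
LISTEN 0 128 10.20.0.1:80 0.0.0.0:*
LISTEN 0 128 [::]:8291 [::]:*
LISTEN 0 128 203.0.113.5:443 0.0.0.0:*
""".splitlines()

def parse_local(field):
    """Split 'addr:port' (IPv4, [IPv6], or '*') into (ip_address, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and %iface scope
    return ipaddress.ip_address("0.0.0.0" if host == "*" else host), int(port)

def audit(lines):
    """Return (service, address, finding) for each risky management listener."""
    findings = []
    for line in lines:
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        addr, port = parse_local(fields[3])
        service = MGMT_PORTS.get(port)
        if service is None:
            continue
        # A wildcard bind (0.0.0.0 or ::) listens on every interface, WAN included.
        if not any(addr in net for net in INTERNAL_NETS):
            findings.append((service, str(addr), EXPOSED))
        elif service in CLEARTEXT:
            findings.append((service, str(addr), UNENCRYPTED))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

SSH bound to an internal address produces no finding here because it is both encrypted and off the WAN; strong credentials for it still have to be verified separately.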

Is your healthcare organization prepared for ransomware? 

Following the official recommendation from CISA is just the beginning.

Threat actors can target any healthcare organization at any time. You’ll need protection, such as backup storage and data encryption, a business continuity plan, a disaster recovery plan, and a technology roadmap.

Learning the ins and outs of cybersecurity is a monumental commitment with a large technical barrier.

Running your business comes first, so let the cybersecurity experts at Twin Networks protect your IT infrastructure. We’re here to work with you and provide the solutions you need to stay safe and in operation.

Check out our previous blog entries, or contact a member of our team to learn more about protecting your business from ransomware and other cyber threats. 
