The Department of Health and Human Services (HHS) Cybersecurity Program issued an alert this week to healthcare providers warning them to guard against the "exceptionally aggressive" Hive ransomware group.
The group is known to have been operational since June 2021, but in that time it has been very aggressive in targeting the U.S. health sector, the federal agency said.
The financially motivated ransomware group is known to maintain sophisticated capabilities and, like many other cybercriminals, encrypts and steals data from its victims. The Hive group uses many common ransomware tactics, including exploitation of Remote Desktop Protocol (RDP) or virtual private networks (VPNs), and phishing attacks. Some victims have received phone calls from the ransomware group to pressure them to pay and conduct negotiations, according to HHS.
Like many ransomware variants, Hive searches victims' systems to delete backup data, which organizations often rely on to avoid paying a ransom. The group then terminates or disrupts them. This includes deleting shadow copies, backup files and system snapshots.
But the Hive group also "employs a wide variety of tactics, techniques and procedures (TTPs), creating significant challenges for defense and mitigation," the Health Sector Cybersecurity Coordination Center (HC3) said in an analyst note. Groups like Hive also threaten to leak files on the dark web.
In its analyst note, HC3 recommended that healthcare organizations take precautions as with other ransomware threats by using two-factor authentication with strong passwords—particularly for remote access services such as VPNs—and sufficiently backing up data, especially the most critical, sensitive and operationally necessary data.
"We recommend the 3-2-1 Rule for the most important data: Back this data up in three different locations, on at least two different forms of media, with one of them stored offline," the organization said.
Cybersecurity breaches hit an all-time high in 2021, exposing a record amount of patients' protected health information, according to a report from cybersecurity company Critical Insights.
In 2021, 45 million individuals were affected by healthcare attacks, up from 34 million in 2020. That number has tripled in just three years, growing from 14 million in 2018, according to the report, which analyzes breach data reported to the HHS by healthcare organizations.