April 27, 2022
The Department of Health and Human Services (HHS) Cybersecurity Program issued an alert last week warning healthcare providers to guard against the “exceptionally aggressive” Hive ransomware group.
The Hive ransomware group is known to have been operational since June of 2021, and in that time it has been “very aggressive” in targeting the U.S. health sector. One report covering the third quarter of 2021 – just months after the group began operating – ranks it as the fourth most active ransomware operator in the cybercriminal ecosystem, according to the statement issued by HHS.
“Hive is an exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently. HC3 recommends the Healthcare and Public Health (HPH) Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise,” HHS notes.
HHS makes the following recommendations to guard against Hive:
• Use two-factor authentication with strong passwords – this is especially applicable for remote access services such as RDP and VPNs.
• Sufficiently backing up data, especially the most critical, sensitive and operationally necessary data, is very important. We recommend the 3-2-1 Rule for the most important data: Back this data up in three different locations, on at least two different forms of media, with one of them stored offline.
• Continuous monitoring is critical, and should be supported by a constant input of threat data (open source and possibly proprietary as well).
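One way to check a backup inventory against the 3-2-1 Rule as it is worded above. This is an added example, not code from HHS or the alert; the record fields (dataset, location, media, offline), the dataset names and the sample inventory are all constructed for illustration.

```python
# Constructed sample inventory: one record per backup copy.
# Field names and values are assumptions made for this example.
INVENTORY = [
    {"dataset": "ehr-db", "location": "dc-primary", "media": "disk", "offline": False},
    {"dataset": "ehr-db", "location": "cloud-bucket", "media": "object-storage", "offline": False},
    {"dataset": "ehr-db", "location": "vault-offsite", "media": "tape", "offline": True},
    {"dataset": "pacs-images", "location": "dc-primary", "media": "disk", "offline": False},
    {"dataset": "pacs-images", "location": "dc-secondary", "media": "disk", "offline": False},
    {"dataset": "billing", "location": "dc-primary", "media": "disk", "offline": False},
    {"dataset": "billing", "location": "cloud-bucket", "media": "object-storage", "offline": False},
    {"dataset": "billing", "location": "dc-secondary", "media": "disk", "offline": False},
]

def audit_321(inventory, required=()):
    """Return {dataset: [failed clauses]}; an empty list means the rule is met.

    `required` lists datasets that must be protected, so a critical dataset
    with no backup copies at all is reported instead of silently skipped.
    """
    copies = {name: [] for name in required}
    for rec in inventory:
        copies.setdefault(rec["dataset"], []).append(rec)

    report = {}
    for dataset, recs in sorted(copies.items()):
        locations = {r["location"] for r in recs}
        media = {r["media"] for r in recs}
        failures = []
        if len(locations) < 3:          # three different locations
            failures.append(f"locations: {len(locations)} of 3")
        if len(media) < 2:              # at least two forms of media
            failures.append(f"media types: {len(media)} of 2")
        if not any(r["offline"] for r in recs):  # one copy stored offline
            failures.append("no offline copy")
        report[dataset] = failures
    return report

if __name__ == "__main__":
    critical = ["ehr-db", "pacs-images", "billing", "lab-results"]
    for dataset, failures in audit_321(INVENTORY, critical).items():
        print(f"{dataset}: {'OK' if not failures else '; '.join(failures)}")
```

The "billing" case is the one to watch for: three locations and two media types, but every copy is online.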