HC3 TLP Clear 2022 Q4 Healthcare Cybersecurity Bulletin

Executive Summary

In Q4 of 2022, HC3 observed a continuation of many ongoing trends with regards to cyber threats to the healthcare and public health community. Ransomware attacks, data breaches, and often both together, continued to be prevalent attacks against the health sector. Ransomware operators continued to evolve their techniques and weapons for increasing extortion pressure and maximizing their payday. Vulnerabilities in software and hardware platforms, some ubiquitous and some specific to healthcare, continued to keep the attack surface of healthcare organizations wide open. Managed service provider compromise continued to be a significant threat to the health sector, as did supply chain compromise.

News and Industry Reports of Interest

Dutch National Police and Respomnders.NU trick ransomware gang into handing over decyption keys
The Dutch National Police worked with the cybersecurity company Responders.NU to trick a ransomware gang – DeadBolt – into handing over decryption keys. The DeadBolt gang have aggressively attacked network-attached storage devices. They were able to acquire 155 decryption keys before the group determined what had occurred. According to the Dutch authorities, Deadbolt has launched successful ransomware attacks against 20,000 NAS devices worldwide and 1,000 of those in the Netherlands. https://www.bleepingcomputer.com/news/security/police-tricks-deadbolt-ransomware-out-of-155- decryption-keys/

View the detailed report below.