HHS alerts health sector to cyberthreat from Everest ransomware group

Aug 21, 2024 - 02:41 PM
oig-fda-cybersecurity

The Department of Health and Human Services Health Sector Cybersecurity Coordination Center (HC3) this week released an advisory about Everest, a ransomware-as-a-service group increasingly targeting the health care field. The group is known to access systems through compromised user accounts and common remote access tools.

“Yet another Russian-speaking ransomware group targets U.S. health care,” said John Riggi, AHA national advisor for cybersecurity and risk. “Everest appears to have morphed into what is known as an ‘initial access broker’ meaning their role in the underground Russian ransomware economy is to facilitate ransomware attacks by initially gaining unauthorized access to a victim organization through such means as credential theft. They then sell the unauthorized access to other gangs, who conduct the ransomware attack. It is noted that Everest, like other gangs, utilizes legitimate cybersecurity threat simulation tools such as Cobalt Strike to facilitate their attacks. It is recommended that health care organizations set network monitoring tools to alert for Cobalt Strike activations, implement the recommended mitigations included in the alert, and implement the voluntary health care cybersecurity performance goals.”

For more information on this or other cyber and risk issues, contact Riggi at jriggi@aha.org. For the latest cyber and risk resources and threat intelligence, visit aha.org/cybersecurity

Related News Articles

Headline
AHA blog: How to prepare for third-party cyber risk 
In his latest AHA Cyber Intel blog, John Riggi, AHA national advisor for cybersecurity and risk, explains why cybercriminals are shifting from directly…
Headline
CISA guidance informs users on software products which should be secure by design and demand 
The Cybersecurity and Infrastructure Security Agency and FBI Aug. 8 released guidance on secure by design software products which includes resources to assess…
Perspective
Keeping Up Our Guard and Fighting Back Against Cybercrime
It seems like barely a week goes by without a new cyberattack that affects health care providers. Often, it’s a ransomware attack conducted by foreign criminal…
Headline
Agencies issue update on BlackSuit ransomware group
The Cybersecurity and Infrastructure Security Agency and FBI today issued an updated advisory on the BlackSuit ransomware group, providing information on…
Headline
AHA podcast: The FBI’s Global Fight Against Cybercrime 
Cybercriminals are ramping up attacks on health care systems throughout the United States, with a majority of these crimes originating from international,…
AHA Cyber Intel
Third-Party Cyber Risk Impacts the Health Care Sector the Most. Here’s How to Prepare.
We all know by now that cyber risk is not just an "IT issue," but rather it is an enterprise risk issue. Cyberattacks represent a potential risk to every…