HHS Cybersecurity Branch Warns Healthcare Sector of Hive Ransomware Group

April 21, 2022
HHS’ Health Sector Cybersecurity Coordination Center issued an advisory on April 18 warning healthcare and the public health sector about the malicious Hive ransomware group

The Department of Health and Human Services' (HHS) Health Sector Cybersecurity Coordination Center (HC3) published an analyst note on April 18 warning healthcare and the public health sector of the Hive ransomware group.

The analyst note states that “Hive is an exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently. HC3 recommends the Healthcare and Public Health (HPH) Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise.”

The Hive ransomware group was first observed in June of 2021. In September of 2021 we reported that the FBI has released an alert about the malicious Hive ransomware, the same group that took down Memorial Health System on Aug. 15. In March of 2022 we reported that the Hive Ransomware group posted on its dark website that it had stolen 850,000 personally identified information (PII) records from the Partnership HealthPlan of California. The analyst note cites a report that in its first 100 days as a group, Hive breached 355 companies.

The analyst note says that Hive’s operations include double extortion; operating as a ransomware as a service model; leveraging Golang— a language used by cybercriminals to design malware; leveraging infection vectors like RDP and VPN compromise as well as phishing; encrypting files end with a .hive, .key.hive or .key extension; making phone calls to some victims to extort ransom; and searching victim systems for applications and processes that backup data and terminate or disrupt them.

The analyst note adds that “When defending against Hive or any other ransomware variant, there are standard practices that should be followed. Prevention is always the optimal approach.”

The prevention methods in the analyst note include:

  • Using two-factor authentication with strong passwords
  • Sufficiently backing up data
  • Continuous monitoring
  • Having an active vulnerability management program
  • Having thorough endpoint security

Sponsored Recommendations

How Digital Co-Pilots for patients help navigate care journeys to lower costs, increase profits, and improve patient outcomes

Discover how digital care journey platforms act as 'co-pilots' for patients, improving outcomes and reducing costs, while boosting profitability and patient satisfaction in this...

5 Strategies to Enhance Population Health with the ACG System

Explore five key ACG System features designed to amplify your population health program. Learn how to apply insights for targeted, effective care, improve overall health outcomes...

A 4-step plan for denial prevention

Denial prevention is a top priority in today’s revenue cycle. It’s also one area where most organizations fall behind. The good news? The technology and tactics to prevent denials...

Healthcare Industry Predictions 2024 and Beyond

The next five years are all about mastering generative AI — is the healthcare industry ready?