HHS Cybersecurity Branch Warns Healthcare Sector of Hive Ransomware Group

April 21, 2022
HHS’ Health Sector Cybersecurity Coordination Center issued an advisory on April 18 warning healthcare and the public health sector about the malicious Hive ransomware group

The Department of Health and Human Services' (HHS) Health Sector Cybersecurity Coordination Center (HC3) published an analyst note on April 18 warning healthcare and the public health sector of the Hive ransomware group.

The analyst note states that “Hive is an exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently. HC3 recommends the Healthcare and Public Health (HPH) Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise.”

The Hive ransomware group was first observed in June of 2021. In September of 2021 we reported that the FBI has released an alert about the malicious Hive ransomware, the same group that took down Memorial Health System on Aug. 15. In March of 2022 we reported that the Hive Ransomware group posted on its dark website that it had stolen 850,000 personally identified information (PII) records from the Partnership HealthPlan of California. The analyst note cites a report that in its first 100 days as a group, Hive breached 355 companies.

The analyst note says that Hive’s operations include double extortion; operating as a ransomware as a service model; leveraging Golang— a language used by cybercriminals to design malware; leveraging infection vectors like RDP and VPN compromise as well as phishing; encrypting files end with a .hive, .key.hive or .key extension; making phone calls to some victims to extort ransom; and searching victim systems for applications and processes that backup data and terminate or disrupt them.

The analyst note adds that “When defending against Hive or any other ransomware variant, there are standard practices that should be followed. Prevention is always the optimal approach.”

The prevention methods in the analyst note include:

  • Using two-factor authentication with strong passwords
  • Sufficiently backing up data
  • Continuous monitoring
  • Having an active vulnerability management program
  • Having thorough endpoint security

Sponsored Recommendations

Northeast Georgia Health System: Scaling Digital Transformation in a Competitive Market

Find out how Northeast Georgia Health System (NGHS) enabled digital access to achieve new patient acquisition goals in Georgia's highly competitive healthcare market.

2023 Care Access Benchmark Report for Healthcare Organizations

To manage growing consumer expectations and shrinking staff resources, forward-thinking healthcare organizations have adopted digital strategies, but recent research shows that...

Increase ROI Through AI: Unlocking Scarce Capacity & Staffing

Unlock the potential of AI to optimize capacity and staffing in healthcare. Join us on February 27th to discover how innovative AI-driven solutions can revolutionize operations...

Boosting Marketing Efficiency: A Community Healthcare Provider’s Success Story

Explore the transformative impact of data-driven insights on Baptist Health's marketing strategies. Dive into this comprehensive case study to uncover the value of leveraging ...