In light of the ongoing conflict in Ukraine and the consequential global impacts and destabilization, the Department of Health and Human Services (HHS) continues to caution about escalating threats of cyberattacks. In early March 2022, HHS issued a bulletin warning those in the U.S. healthcare sector of the potential threats of cyberattacks by Russia and those aligned with it.
In particular, HHS warned of threats by one of the most prominent cybercriminal groups to publicly support Russia, the Conti ransomware operators. Historically, this group has been known to target U.S. healthcare organizations with threats including Managed Service Provider compromises, big game hunting, multi-stage attacks (leveraging other malpractice variants as part of the attack), and double and triple extortion (data theft combined with a ransomware attack). Healthcare providers of all sizes and types should therefore continue to be familiar with the various types of potential attacks, which are discussed in the HHS bulletin.
To assist our healthcare sector clients, we have previously written about steps taken by the federal government to help private entities stay vigilant, including the passage of the Strengthening American Cybersecurity Act and the Statement by President Biden on our Nation’s Cybersecurity. Entities in the healthcare sector would be well advised to remain on guard and continue to implement protocols and other measures to protect their organizations from cyberattacks.