FBI Alert: Hive Ransomware, A Particular Concern for Healthcare

Sept. 3, 2021
The FBI has issued an alert about Hive ransomware, the group that took down Memorial Health System in August; the ransomware gang is of particular concern for healthcare organizations.

As cyberattacks on health systems are now regrettably commonplace, the FBI has released an alert about the malicious Hive ransomware, the same group that took down Memorial Health System on Aug. 15.

The alert says that “Hive ransomware, which was first observed in June 2021 and likely operates as an affiliate-based ransomware, employs a wide variety of tactics, techniques, and procedures (TTPs), creating significant challenges for defense and mitigation. Hive ransomware uses multiple mechanisms to compromise business networks, including phishing emails with malicious attachments to gain access and Remote Desktop Protocol (RDP) to move laterally once on the network.”

Further, “After compromising a victim network, Hive ransomware actors exfiltrate data and encrypt files on the network. The actors leave a ransom note in each affected directory within a victim’s system, which provides instructions on how to purchase the decryption software. The ransom note also threatens to leak exfiltrated victim data on the Tor site, ‘HiveLeaks.’”

An article from ZDNet by Jonathan Greig says that “Most victims face a payment deadline ranging between two and six days, but others were able to extend their deadlines through negotiation.”

Greig writes that “John Riggi, American Hospital Association senior advisor for cybersecurity, said the new Hive ransomware is particularly concerning for healthcare organizations. Hive has so far attacked at least 28 organizations, including Memorial Health System, which was hit with a ransomware attack on August 15. The non-profit runs a number of hospitals, clinics, and healthcare sites across Ohio and West Virginia.”

Memorial Health System president and CEO Scott Cantley said in a statement that staff at three hospitals—Marietta Memorial, Selby, and Sistersville General Hospital—were working with paper charts while their IT teams worked to restore their systems. Additionally, Cantley canceled all urgent surgical cases and all radiology exams for Aug. 16.

Greig reports that “In a statement three days later, Cantley said the hospital system ‘reached a negotiated solution and are beginning the process that will restore operations as quickly and as safely as possible.’”

Greig added that “He [Cantley] later admitted to The Marietta Times that the hospital paid a ransom to receive the decryption keys.”

The FBI recommends taking the following actions if your organization is impacted by a ransomware incident:

  • Isolate the infected system
  • Turn off other computers and devices
  • Secure backups
