HHS Cybersecurity Branch Warns Healthcare Sector of Hive Ransomware Group

April 21, 2022
HHS’ Health Sector Cybersecurity Coordination Center issued an advisory on April 18 warning healthcare and the public health sector about the malicious Hive ransomware group

The Department of Health and Human Services' (HHS) Health Sector Cybersecurity Coordination Center (HC3) published an analyst note on April 18 warning healthcare and the public health sector of the Hive ransomware group.

The analyst note states that “Hive is an exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently. HC3 recommends the Healthcare and Public Health (HPH) Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise.”

The Hive ransomware group was first observed in June of 2021. In September of 2021 we reported that the FBI has released an alert about the malicious Hive ransomware, the same group that took down Memorial Health System on Aug. 15. In March of 2022 we reported that the Hive Ransomware group posted on its dark website that it had stolen 850,000 personally identified information (PII) records from the Partnership HealthPlan of California. The analyst note cites a report that in its first 100 days as a group, Hive breached 355 companies.

The analyst note says that Hive’s operations include double extortion; operating as a ransomware as a service model; leveraging Golang— a language used by cybercriminals to design malware; leveraging infection vectors like RDP and VPN compromise as well as phishing; encrypting files end with a .hive, .key.hive or .key extension; making phone calls to some victims to extort ransom; and searching victim systems for applications and processes that backup data and terminate or disrupt them.

The analyst note adds that “When defending against Hive or any other ransomware variant, there are standard practices that should be followed. Prevention is always the optimal approach.”

The prevention methods in the analyst note include:

  • Using two-factor authentication with strong passwords
  • Sufficiently backing up data
  • Continuous monitoring
  • Having an active vulnerability management program
  • Having thorough endpoint security

Sponsored Recommendations

10 Reasons to Run Epic on Pure

Gain efficiency & add productivity to your Epic data center. Download now to learn more!

Payer Platform Services and Support

Let’s leverage Payer Platform for smooth, seamless operations.When tasks are important and need to be done right, you trust the experts. The same is true for your...

Pure Powers Progressive Payers

Increase your business agility with Pure’s digital payer platform.Legacy storage solutions cannot keep up with the ever-expanding initiatives in the payer market. To deploy...

Executive Handbook: Ten Transformative Trends 2024

The editors of Healthcare Innovation have published their annual Ten Transformative Trends ensemble of articles