HHS Issues Threat Warning to US Healthcare Sector

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HC3) has issued a warning to the US health sector over the possibility of collateral cyber-attacks linked to Russia’s invasion of Ukraine.

In a notice issued Tuesday, HC3 said that the conflict had “as expected, spilled over into cyber space,” and identified three potential threat groups which could possibly target American healthcare organizations.

Potential adversaries identified by HC3 were organizations that are part of the Russian government, cyber-criminal groups based in Russia and neighboring states and organizations that are part of the Belarussian government. 

“This is not to say that other threat actors can or will not get involved, but these three groups are the primary focus at this time,” stated the notice.

HC3 said that Russian state-sponsored actors had been observed in previous years targeting adversarial critical infrastructure to further their geopolitical goals.

“They are suspected to be behind cyberattacks on Estonian government, media and financial targets in 2007, Georgian government sites in 2008, Kirgizstan Internet Service Provider attacks in 2009, Ukrainian government, military and critical infrastructure attacks in 2014 and again on Ukraine as well as many other countries with NotPetya in 2017,” stated the notice.

While the Center said it wasn’t aware of any specific current threat to the US Healthcare and Public Health (HPH) Sector, it emphasized that ransomware gang Conti, who publicly voiced its support for the government of President Vladimir Putin last week, has targeted US healthcare organizations aggressively in the past.

“They are known to conduct Managed Service Provider (MSP) compromise, big game hunting (targeting of large organizations), multi-stage attacks (leveraging other malware variants as part of the attack) and double and triple extortion (data theft combined with the ransomware attack),” warned HC3.

“It is very possible that other cybercriminal groups have or will join the conflict, and will bring with them their custom tools, tactics, techniques, and weapons.”

Specific attack vectors listed in the notice included the two data wiping malware variants HermeticWiper and WhisperGate, which the HC3 said have been “observed in significant use against Ukraine in the last two months.”

HC3 advised healthcare organizations to follow CISA’s guidance on defense and mitigation steps.

What’s Hot on Infosecurity Magazine?