The FBI issued a detailed industry notification highlighting trends in ransomware attacks.
The notification outlined cybercriminals' use of sophisticated techniques to exploit vulnerabilities in third-party tools and system management software, leading to unauthorized access and data compromise.
These tactics were observed in recent incidents between 2022 and 2023, including the exploitation of vendor-controlled remote access to casino servers and the victimization of companies through system management tools.
The report detailed the operations of the Silent Ransom Group, also known as Luna Moth, which orchestrated callback-phishing data theft and extortion attacks. They could compromise local files, extract victim data, and extort companies by manipulating system management tools. These tactics were observed in recent incidents, including:
The American Hospital Association national advisor for cybersecurity and risk offered a statement on the FBI notification, “Although health care is not specifically mentioned in this advisory, it serves as a good reminder that third-party tools, technology, and services continue to be a major contributing factor in some of the largest data breaches and ransomware attacks impacting hospitals and health systems. The advisory points out that our cyber adversaries combine social engineering and legitimate third-party technology tools for maximum effect and provide clearly defined defensive measures applicable to health care."
The AHA recommends organizations establish a multidisciplinary risk management governance committee to help identify and manage cyber risk related to embedded third-party technology.
Although not explicitly mentioned in the advisory, the healthcare sector is highly susceptible to such attacks due to its reliance on numerous third-party tools and technologies. The potential impact of data breaches and ransomware attacks on hospitals and health systems cannot be overstated, as they compromise sensitive patient information and disrupt healthcare services.
Recent cases like the HealthAlliance Hospital, Margaretville Hospital, and Mountainside Residential Care Center cyberattack show how these cases can impact operations within the organization.
See also: Cyberattack shuts down New York hospitals
Implementing the defensive strategies outlined in the advisory, such as maintaining strong liaison relationships with the FBI field offices and conducting reviews of third-party vendor security postures, are methods of avoiding cybersecurity risks.
See also: HIPAA Compliant Email: The Definitive Guide