North Korea is actively using ransomware to target healthcare

Female and male tech workers at computers wearing professional clothes with headsets on and on a phone, with female boss over their shoulders directing them on what to do on their monitors

CISA, the FBI, Department of Treasury, and Infrastructure Security Agency released a joint Cybersecurity Advisory yesterday to alert the public that North Korea is actively using ransomware to target healthcare.

In an ideal world, we would never have to issue another threat alert. But cyber actors are putting a massive strain on the health, well-being, and finances of U.S. citizens and private sectors. Our mission at Paubox is to ensure that healthcare organizations stay secure and HIPAA compliant through the most significant communication channel today: email. 

Let us help you with the heavy lifting of email cybersecurity, so you can focus on what you do best: taking care of people. Find out how.

CISA’s alert on the North Korean state-sponsored cyber actors

The FBI has observed and responded to multiple Maui ransomware incidents at healthcare and public health organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services, including electronic health records, diagnostics, imaging, and intranet services. In some cases, these incidents disrupted the services the targeted HPH Sector organizations provided for prolonged periods. The initial access vector(s) for these incidents is unknown.

How to stop cyber actors from actively using ransomware to target healthcare

332 billion emails are sent daily; it takes one employee to respond to a single phishing email, and then cyber actors are in your organization. 90% of data breaches occur due to phishing, and employees receive an average of 14 malicious emails yearly. The healthcare risk is real. Data breach costs are now averaging $9.3 million per occurrence and worse impact the morbidity and health of U.S. patients. 

We urge our healthcare community to take these threats seriously and audit your cybersecurity. The complete list of CISA’s recommendations for the mitigation and indicators of compromise (IOCs) can be found here. 

Should you pay the ransom if your healthcare organization is attacked?

The FBI, CISA, and Department of Treasury highly discourage paying ransoms. However, files and records are not guaranteed to be recovered, and sanctions risks may be posed if a ransom is paid. In September 2021, Treasury issued an updated advisory highlighting the sanctions risks associated with ransomware payments and the proactive steps companies can take to mitigate such risks.

U.S. entities should adopt and improve cybersecurity practices. They also need to report ransomware attacks to and fully cooperate with law enforcement. The Treasury’s Office of Foreign Assets Control (OFAC) is more likely to resolve apparent sanctions violations involving ransomware attacks with a non-public enforcement response when affected parties take these proactive steps.

How Paubox can keep your healthcare organization safe from North Korea’s ransomware threat

Paubox Email Suite Plus is the patented HIPAA compliant solution to protect your employees from malicious emails like phishing attacks and spam containing viruses, and malware. Our HITRUST CSF certified software flags suspicious emails and quarantines them safely away from employees’ inboxes.

Paubox’s innovative suite of  healthcare-specific tools protects your organization. ExecProtect provides patented security from display name spoofing attacksDomainAge will spot emails with recently registered domain names and quarantine them. It also includes Zero Trust Email, which requires an additional layer of authentication before delivering an email.

Robust inbound email security is a necessity for companies these days. Paubox is always innovating and staying ahead of email security threats.

With patented technology developed specifically for healthcare, we are your ally in the war against cybercrime.

Try Paubox Email Suite Plus for FREE today.

HITRUST CSF certified
4.9/5.0 on the G2 Grid
Paubox sends 70 million HIPAA certified and secure emails every month.

About the author

Anne-Marie Sullivan

Read more by Anne-Marie Sullivan

Get started with
end-to-end protection

Bolster your organization's security with state-of-the-art email encryption and inbound email security.

Highest rated HIPAA compliant messaging solution on G2

EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport
EmailEncryption BestMeetsRequirements MeetsRequirements
SecureEmailGateway MostImplementable Total
SecureEmailGateway Leader Leader
SecureEmailGateway EasiestToUse EaseOfUse
SecureEmailGateway EasiestAdmin EaseOfAdmin
SecureEmailGateway BestUsability Total
SecureEmailGateway BestResults Total
SecureEmailGateway BestRelationship Total
EmailEncryption UsersMostLikelyToRecommend Nps
EmailEncryption MomentumLeader Leader
SecureEmailGateway BestSupport Mid Market QualityOfSupport