CISA Advisory

ALPHV Blackcat Ransomware Targets Healthcare Sector

AA23-352A • Published December 18, 2023

Severity: critical

A dangerous ransomware gang called Blackcat is specifically going after hospitals and healthcare providers. They break in through stolen passwords and security holes, then lock up patient records and demand millions in ransom. Healthcare organizations need to immediately update their security.

Overview

Joint advisory from CISA, FBI, and HHS warning about ALPHV/Blackcat ransomware affiliates increasingly targeting healthcare organizations. The advisory includes technical details on attack methods, indicators of compromise, and recommended mitigations.

Who Is At Risk

  • Hospitals and health systems
  • Medical practices
  • Healthcare IT providers
  • Medical device manufacturers
  • Insurance companies

Affected Products

Remote Desktop Protocol, Citrix ADC, Microsoft Exchange, VMware ESXi

Is your business exposed?

Immediate Actions

  1. 1.

    Implement phishing-resistant MFA

  2. 2.

    Secure RDP with VPN and MFA

  3. 3.

    Maintain offline encrypted backups

  4. 4.

    Segment networks to limit lateral movement

  5. 5.

    Implement EDR on all endpoints

Official Source

https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-352a

Is your business exposed?

Check if your company data is circulating on the dark web

Free scan • No credit card required

Privacy PolicyYour Privacy Choices