A joint cybersecurity advisory published last week discusses ransomware attack impacts on healthcare, along with ALPHV’s attack techniques, indicators of compromise (IoCs) and proper response actions.
ALPHV is a big enough problem that Cybersecurity and Infrastructure Security Agency (CISA), the FBI and the Department of Health and Human Services (HHS) all are getting together to put healthcare organizations on notice. According to their advisory, from just December of last year until the end of February, ALPHV ransomware has hit 70 organizations.
“The healthcare sector has been the most commonly victimized. This is likely in response to the ALPHV Blackcat administrator’s post encouraging its affiliates to target hospitals after operational action against the group and its infrastructure in early December 2023.”
Attacks by this group and their affiliates most often begin with social engineering via email, phone and text – posing as members of IT to employees of the victim org — to obtain employee credentials.
CISA does provide some recommended mitigation actions:
- Lockdown which applications can run on endpoints
- Implement FIDO-based MFA
- Use network monitoring to identify abnormal activity
- Use email scanning to eliminate malicious content before it reaches an employee
- Endpoint protection
- And, of course — my favorite — implement security awareness training to specifically cover social engineering and phishing attacks
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 65,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.