The Russia-affiliated ransomware group Clop has claimed responsibility for a broad attack on more than 130 businesses, including many in the healthcare industry. The attack was carried out using a zero-day vulnerability in the secure file transfer program GoAnywhere MFT. The major health system Community Health Systems (CHS) was one of the healthcare entities exploited; according to the HHS sector notice, one weakness of CHS's that Clop exploited was a specific client portal. This was noticed at the beginning of February, when cybersecurity expert Brian Krebs first released information to the public. Five days later, the software provider Fortra released a fix for the GoAnywhere program. According to CHS’s SEC report from February 13th, the Fortra GoAnywhere breach may have affected over one million users.
The HHS sector alert follows a recent study by the cyber risk intelligence company Black Kite, which illustrated the sectors that have been subject to the most cyber-attacks in the last twelve months and placed the healthcare industry as the third most targeted for 2022. Since its first observed attack campaign in February 2019, Clop has been actively pursuing various sectors and causing major disruption. The HHS commented on the danger Clop still poses to the industry, stating: “Clop appeared to suffer a major setback in June 2021 when law enforcement arrested six individuals in Ukraine linked to the group. Continued and successful attacks, however, demonstrate that this prolific group is still a viable threat to the healthcare sector.”
In addition, the HHS had warned the healthcare industry about the danger from Killnet, a pro-Russian hacktivist group that has hospitals and medical institutions in various countries on its target list. The HHS sector notice offers recommendations to help firms educate themselves and significantly reduce the risk of future attacks through various access points. The advice is broken up into the following three main points:
- To mitigate the dangers of social engineering attacks via email or network access, invest in further education and training for individual employees.
- Evaluate enterprise risk in relation to any potential vulnerabilities and place greater emphasis on the security plan, while also allocating the required resources in the correct places, namely manpower and capital.
- Implement a cybersecurity road map that is clear and concise. This will aid all members of the healthcare entity as they look to prevent further damage.
Finally, the HHS offered links to online government resources for healthcare entities, which provide general knowledge, questions commonly asked by organizations, and a ransomware preparation self-assessment for the entities to carry out.