BlackCat Ransomware Gang Hits NextGen Healthcare and Becomes an Even More Scary Threat - MedCity News

Ransomware group BlackCat has been targeting healthcare organizations in recent months, and last week cybercriminals linked to the group added NextGen Healthcare, an Atlanta-based electronic health record provider with more than 2,500 healthcare organizations as customers, to its list of victims.

Healthcare organizations have been advised to strengthen their cybersecurity strategy to account for the threat posed by BlackCat, and the Department of Health and Human Services has issued various warnings about the group’s expanded capabilities and propensity to target the healthcare sector.

NextGen acknowledged the attack and said the threat was immediately contained. The company assured its customers that NextGen’s network is secure and all operations are running as usual.

NextGen’s forensic review has yet to uncover any evidence that patient data was accessed or exfiltrated, the company told The Washington Post. And a representative claiming to be part of BlackCat refused to provide proof that the group has received data from NextGen customers.

Regardless of whether BlackCat ends up using NextGen’s data for malicious purposes, the attack shows that the ransomware group has its sights set on major healthcare companies.

The Department of Health and Human Services has tried to make the healthcare industry aware of this fact. Less than two weeks ago, the department issued its latest threat brief warning health organizations about BlackCat, calling the group a “relatively new but very capable ransomware threat to the healthcare sector.”

BlackCat first came onto the federal government’s radar in late 2021 when the Federal Bureau of Investigation discovered that the ransomware gang compromised at least 60 victims in four months. HHS suspects that BlackCat is a successor to a ransomware group known as Darkside or BlackMatter, which said it was shutting down in late 2021 due to pressure from the federal government.

HHS also reported that one of BlackCat’s administrators is a former member of REvil. REvil was one of the top ransomware gangs in the world until it was shut down by the Russian authorities a year ago.

BlackCat is characterized by its “triple extortion” approach, meaning it combines ransomware attacks with threats to leak stolen data and disable websites. To increase the pressure on its victims to pay the ransom, BlackCat began publishing searchable data from its hacks on the open web as opposed to the dark web.

Targeting the healthcare sector along with other industries, the group is focusing on attacking US companies, HHS warned. BlackCat said it does not attack hospitals, ambulances or government medical institutions, but will go after pharmaceutical companies and private clinics. However, many ransomware gangs have not kept their word about the companies they attack, HHS said.

Healthcare organizations would be wise to improve their cybersecurity strategy in defense against BlackCat, as it is “one of the most adaptive ransomware operations in the world,” according to an analyst note that HHS released in December.

“BlackCat was one of the first major ransomware variants to be developed in the Rust programming language, has a highly customized feature set, and relies heavily on internally developed capabilities that are constantly being developed and upgraded,” the note said.

Photo: WhataWin, Getty Images
