Healthcare organizations must heighten security protocols to avoid cyber attacks from North Korean state-sponsored actors and avoid paying ransoms to prevent sanctions from the U.S. government, according to a joint advisory issued Wednesday from CISA, the FBI, and the Department of the Treasury.
The U.S. government agencies warned that Maui ransomware has been used by North Korean state-sponsored cyber actors since at least May 2021 to target healthcare organizations. The advisory did not list any specific organizations that were affected.
Last summer, the FBI successfully thwarted a cyber attack against Boston Children’s Hospital from Iranian government-sponsored actors, bringing to light the potential threats against healthcare companies.
A previous cyber attack from North Korean-sponsored actors, the WannaCry cyber attack, crippled the UK’s National Health Service and several hospitals for days.
This advisory further highlights the imminent threat against healthcare organizations.
“The risk of ransomware has been skyrocketing, both in numbers and the dangerousness of the types of attacks,” according to Fredric D. Bellamy of Dickinson Wright who represents companies affected by cyber attacks.
Bellamy pointed out the risk of cooperating with cyber attackers by paying a ransom poses its own set of consequences, including sanctions from the U.S. government.
“An important point made in the advisory is that companies are subject to sanctions from the U.S. government if those companies pay ransoms to hackers sponsored by certain hostile nations such as North Korea,” Bellamy said.
He advised that victims should cooperate with the FBI to address the attack and avoid sanctions.
According to the advisory, North Korean cyber attackers targeted health services related to electronic health records, diagnostics services, imaging services, and intranet services.
The agencies urged healthcare organizations to enhance security measures such as: train users to recognize and report phishing attempts, enable multifactor authentication, and install and regularly update antivirus software.
The FBI also discouraged paying ransoms. “Payment does not guarantee files will be recovered and may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities,” according to the agencies.
In April, a cybersecurity report from San Francisco-based Abnormal Security tracked the increase in cyber threats and found that medical industries had a 68.9% chance of receiving a business email compromise attack each week.
Photo: ValeryBrozhinsky, Getty Images