Healthcare organizations must heighten security protocols to prevent cyber attacks from North Korean state-sponsored actors. They must also avoid paying ransoms to prevent sanctions from the U.S. government, according to a joint advisory issued Wednesday from CISA, the FBI, and the Department of the Treasury.
The U.S. government agencies warned that Maui ransomware has been used by North Korean state-sponsored cyber actors since at least May 2021 to target healthcare organizations. The advisory did not list any specific organizations that were affected.
Last summer, the FBI successfully thwarted a cyber attack against Boston Children’s Hospital from Iranian government-sponsored actors, bringing to light the potential threats against healthcare companies.
A previous cyber attack from North Korean-sponsored actors, the WannaCry cyber attack, crippled the UK’s National Health Service and several hospitals for days.
This advisory further highlights the imminent threat against healthcare organizations.
“The risk of ransomware has been skyrocketing, both in numbers and the dangerousness of the types of attacks,” according to Fredric D. Bellamy of Dickinson Wright who represents companies affected by cyber attacks.
Bellamy pointed out the risk of cooperating with cyber attackers by paying a ransom poses its own set of consequences, including sanctions from the U.S. government.
“An important point made in the advisory is that companies are subject to sanctions from the U.S. government if those companies pay ransoms to hackers sponsored by certain hostile nations such as North Korea,” Bellamy said.
He advised that victims should cooperate with the FBI to address the attack and avoid sanctions.
According to the advisory, North Korean cyber attackers targeted health services related to electronic health records, diagnostics services, imaging services, and intranet services.
The agencies urged healthcare organizations to enhance security measures such as: train users to recognize and report phishing attempts, enable multifactor authentication, and install and regularly update antivirus software.
Companies that pay ransoms not only risk U.S. government sanctions, but could make the problem worse. “Payment does not guarantee files will be recovered and may embolden adversaries to target additional organizations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities,” the agencies wrote.
In April, a cybersecurity report from San Francisco-based Abnormal Security tracked the increase in cyber threats and found that medical industries had a 68.9% chance of receiving a business email compromise attack each week.
Photo: ValeryBrozhinsky, Getty Images