Dive Brief:
- The Department of Health and Human Services posted an alert last week warning healthcare organizations of an "exceptionally aggressive" ransomware group that is known to target the sector.
- The Hive group practices double extortion — demanding payment to free data it has encrypted while also threatening to release the unencrypted data publicly, often by selling it on "name and shame" dark web sites, according to the department.
- The HHS Office of Information Security said in an analyst note that healthcare organizations should try to protect themselves with continuous monitoring and an active vulnerability management program. The alert also suggested keeping backups of data in multiple locations and using two-factor authentication with strong passwords.
Dive Insight:
Hive first emerged in June of last year. By the third quarter of 2021, the group was already ranked as the fourth most active ransomware group by threat intelligence firm Intel 471. Group-IB Threat Intelligence analysts said in September that Hive had targeted more than 350 companies.
The group has multiple tactics, including phishing and compromising VPNs. It often sends a ransom note telling users not to delete or modify files and warning that if they go to the authorities the encryption key will be erased, according to the analysis.
Hive's encryption method prevents security researchers from seeing the ransom note and monitoring negotiations, the HHS said. Its ransomware moves laterally through a system and seeks out backups, shadow copies and snapshots while targeting antivirus software, according to the FBI.
Hospitals have struggled to roll out comprehensive cybersecurity programs for years. COVID-19 exacerbated the problem, and breach reports to the HHS in the second half of 2020 climbed 36% over the prior six-month period.
Now, Russia's invasion of Ukraine is stirring fresh concerns. The American Hospital Association has warned providers to shore up their systems even as the pandemic continues to stretch resources.
Ransomware attacks can have severe consequences for systems. A September survey from the Ponemon Institute found that one in four providers said their organization noticed a rise in mortality rates following an attack.
They can also affect the bottom line. The cost to recover records rose 16% from 2019 to 2020, Fitch Ratings said last year. Its report also noted that providers can be hit financially if they're locked out of their billing systems.