Conti Ransomware is Still a Threat



CISA, the FBI, and the United States Secret Service re-released their Conti Ransomware Alert from September of last year. The group, which claimed responsibility for several cyberattacks against healthcare organizations in the US, is still actively threatening patient privacy. In fact, the number of “reported Conti ransomware attacks against U.S. and international organizations have risen to more than 1,000.”

Earlier this month, Sophos found that two different ransomware groups were targeting a single Canadian healthcare organization at the same time. Despite using very different tactics, both Conti and Karma were able to exfiltrate protected data. In addition, Conti announced last month that they would “support Russia’s invasion of Ukraine and use retaliatory measures against the US should it attack the Russian critical infrastructure.”

Both recent instances have demonstrated Conti’s continued threat against the US and international organizations. As a healthcare provider, it’s important for you to understand how to protect your organization and your patients from these cyberattacks. 

Conti ransomware attacks usually gain access to information through “spearphishing campaigns, stolen Remote Desktop Protocol (RDP) credentials, fake software promoted via search engine optimization, or common asset vulnerabilities.” The best way to prevent these attacks is by putting the technical safeguards in place that we’ve discussed in the past. 

Technical safeguards are defined in the HIPAA Security Rule as “the technology and the policy and procedures for its use that protect electronic protected health information and control access to it.” The “right” technical safeguards for organizations to best protect their data from hackers are constantly changing, as new threats make the old protections obsolete. However, there are some current best practices that cybersecurity experts are urging healthcare providers to employ. 

How To Protect My Organization

Make sure your organization has adopted multi-factor authentication for remote network access. If you haven’t yet, consider implementing network segmentation and filtering network traffic to keep phishing emails out of your employees’ inboxes. The report discussed above also “recommended that organizations remove unnecessary applications, implement endpoint and detection response tools, restrict access to RDP, and secure user accounts.”

Now is the time to take another look at who has access to what data within your organization. Are you doing enough to keep sensitive information out of the wrong hands? It can be hard to tell how strong your cybersecurity posture actually is.

We recommend conducting a Network Vulnerability Assessment (NVA) to show you exactly where the vulnerabilities in your organization lie and what you need to prioritize to keep cyberattackers out. It’s crucial to identify both internal and external network weaknesses, which is why Medcurity provides NVAs that give you a complete picture of your security. To make next steps after the assessment easier, our team walks you through a final report categorizing and prioritizing vulnerable areas.


If you have questions about the NVA or any other technical safeguards, feel free to reach out to us at any time. Our team is here to help you protect your patients, so that you can continue providing the best care.