This Ransomware Group is Actively Targeting Healthcare Organizations



Recently, the FBI, HHS, and the Cybersecurity and Infrastructure Security Agency (CISA) issued a warning alerting US businesses to the threat of the “Daixin Team” cybercrime group. The cybersecurity advisory (CSA) was released as part of the #StopRansomware effort to educate businesses on “recently and historically observed tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) to help organizations protect against ransomware.”

The Daixin Team has been actively working against the healthcare industry in the US since at least June of 2022. As we’ve discussed in previous newsletters, the protected health information (PHI) of your patients is valuable to hackers. That’s why this group has been hitting providers with targeted cyberattacks aimed at exfiltrating PHI and holding it for ransom. They’ve entered systems through vulnerabilities in providers’ virtual private network (VPN) servers, and they’ve used stolen credentials to gain access where multi-factor authentication was not enabled.

How can you protect your organization and your patients from this threat? CISA, the FBI, and HHS recommended that providers “install updates and prioritize patching VPN servers, remote access software, known vulnerabilities, and virtual machine software,” and that they require multi-factor authentication “for as many services as possible.”

The advisory contains helpful guidance for how to prevent a ransomware attack from occurring, and for how to respond after an attack. It was strongly recommended that providers do not pay ransoms, as there is no guarantee that your data will be returned.

Have you recently reviewed your organization’s cybersecurity posture? Have you implemented best cybersecurity practices and tools to better protect you and your patients from groups like the “Daixin Team”? Knowing where your weaknesses lie is key to eliminating them.

The HIPAA security risk analysis requirement includes a full assessment of your organization’s technical safeguards. Have you conducted this analysis yet in 2022? Now’s the time to get your SRA completed and documented. Once this requirement is met, you’ll be able to pull from any findings the areas that you need to prioritize as you continue to improve security.

The Medcurity platform makes this process simple, with prioritized action item tracking and a team of experts ready to assist in any way. We bring clarity and confidence to HIPAA compliance, so that you can focus on providing the best patient care. If you have questions about this assessment, your team at Medcurity is happy to help. You can reach out to us here.