What to Know: The Akira Ransomware Group

Good afternoon, Medcurity community! This week's blog post is a bit more technical. We encourage you to forward it on to your IT team.

As we've followed the rise in ransomware and other cyberattacks, we've seen an increased emphasis on the need for cybersecurity in the healthcare industry. Now, there's another ransomware group on the rise, and as we discussed in our last newsletter, healthcare looks like one of their biggest targets.

The Health Sector Cybersecurity Coordination Center (HC3) issued a warning regarding the Akira ransomware group, active since May 2023. In their recent note, HC3 highlighted a trend of 81 cyber incidents tied to Akira, with healthcare organizations among the targeted industries.

In a previous notice issued in September, HC3 detailed the group's tactics, including the exploitation of compromised credentials and vulnerabilities in virtual private networks (VPNs).

Akira's modus operandi suggests a possible link to the Conti ransomware gang, known for its aggressive targeting of healthcare providers. While no official connection has been confirmed, similarities in tactics and operations indicate a level of sophistication that's worth giving some attention. Akira runs as a ransomware-as-a-service (RaaS) operation and employs “double extortion” tactics. This means the group demands two payments: one to restore encrypted information, and the other to guarantee no data will be leaked outside the organization.

How can you continue to prevent these attacks from compromising your patient data?

Usually, Akira gets into a system by first gaining access to employee usernames and passwords. They primarily target Windows and Linux infrastructure. To combat this threat, healthcare providers should implement network segmentation, review domain controllers for unauthorized accounts, and deploy multi-factor authentication (MFA) on vulnerable VPNs.
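
One way to carry out the "review domain controllers for unauthorized accounts" step, as an added example that is not from this post or from HC3: it scans account-management events (Windows Security event IDs 4720, 4728, 4732 and 4756) and flags accounts created outside the approved provisioning process, plus any addition to a privileged group. The record layout, the `svc-idm` provisioning account and the sample events are assumptions constructed for illustration.

```python
import json

# Windows Security event IDs recorded on domain controllers.
ACCOUNT_CREATED = 4720                    # a user account was created
GROUP_MEMBER_ADDED = {4728, 4732, 4756}   # member added to a global / local / universal security group

# Assumptions for this example: who may create accounts, which groups are privileged.
APPROVED_PROVISIONERS = {"svc-idm"}
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Administrators"}

# Constructed sample records, one JSON object per line (simplified field names).
SAMPLE_EVENTS = """\
{"time": "2024-02-12T09:14:03Z", "event_id": 4720, "actor": "svc-idm", "target": "jdoe"}
{"time": "2024-02-13T02:41:55Z", "event_id": 4720, "actor": "mlopez", "target": "itadm2"}
{"time": "2024-02-13T02:43:10Z", "event_id": 4728, "actor": "mlopez", "target": "itadm2", "group": "Domain Admins"}
{"time": "2024-02-13T10:05:27Z", "event_id": 4728, "actor": "svc-idm", "target": "jdoe", "group": "Radiology Staff"}
not-json garbage line
"""


def review_events(lines, provisioners=APPROVED_PROVISIONERS, privileged=PRIVILEGED_GROUPS):
    """Return (time, account, reason) tuples that need a human to confirm."""
    findings = []
    for line in lines.splitlines():
        try:
            ev = json.loads(line)
            eid, actor, target = ev["event_id"], ev["actor"], ev["target"]
        except (json.JSONDecodeError, KeyError, TypeError):
            continue  # skip malformed records instead of aborting the review
        when = ev.get("time", "unknown")
        if eid == ACCOUNT_CREATED and actor not in provisioners:
            findings.append((when, target, f"created by {actor}, outside approved provisioning"))
        elif eid in GROUP_MEMBER_ADDED and ev.get("group") in privileged:
            findings.append((when, target, f"added to {ev['group']} by {actor}"))
    return findings


if __name__ == "__main__":
    for when, account, reason in review_events(SAMPLE_EVENTS):
        print(f"{when}  {account}: {reason}")
```

Each finding is a prompt for someone to confirm the change against a ticket or request, not proof of compromise.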

Setting up good cybersecurity and training your employees not to "open the door" for hackers is the best way you can protect your organization and your patients. As ransomware tactics evolve, staying informed about their latest techniques and strategies is essential for maintaining security and keeping patient data safe. 

Our team is here to help you identify any easy-access points for hackers as part of your HIPAA Security Risk Assessment. Our goal is to bring clarity and confidence to your assessment and risk management, so that you can continue to provide the best patient care.