This report describes the technology and methodology used by cybercriminals to target the U.S. Healthcare and Public Health Sector. Particularly recently, attacks on U.S. hospitals have increased in frequency, and so the government published this article as a source of information for healthcare providers to use in order to protect themselves from future attacks. The government has found that these cybercriminals typically use phishing attacks to get victims to download ransomware (primarily Ryuk and Conti). This ransomware encrypts all the victim’s files and deletes all backup files so that the user must pay the ransom in order to get their data back. The government does not recommend victims to pay the ransom, as doing so does not ensure their files get recovered.
Author:
Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), Department of Health and Human Services (HHS)
