Authorities warn healthcare groups about Lockbit 2.0 cybercrime gang

Federal authorities are warning healthcare organizations about an emerging cybersecurity threat.

Both the U.S. Department of Health and Human Services and the FBI have sent out warnings about a cybercrime gang known as Lockbit 2.0.

The Lockbit 2.0 group claims it typically doesn’t target healthcare organizations, the health department said. But the agency noted that ransomware is a major threat to the healthcare industry.

The FBI describes Lockbit 2.0 as an “affiliate-based Ransomware-as-a-service.”

After attackers gain access to a network, they’ll use Lockbit software to exfiltrate data, authorities say. Attackers will leave ransom notes with instructions on how to obtain encryption software. Ransom notes typically threaten to leak information unless a ransom is paid.

Crane Hassold, director of threat intelligence of Abnormal Security, told Chief Healthcare Executive the ransomware-as-a-service model has become more common in cybercrime during the last several years. Organizations make their ransomware and sell it to groups all over the world who will use it to try and attack vulnerable targets.

“It’s very much like a business,” Hassold said. “Actors run operations and maximize profits while doing the least amount of work possible.”

From 2020 through 2021, 4,200 companies, government institutions and organizations have been the victims of ransomware attacks, according to a report released last month by Abnormal Security. The report found 6.7% of those ransomware attacks were aimed at healthcare organizations. One cybercrime group, Pysa, has been especially active in ransomware attacks of healthcare and educational institutions.

Lockbit is one of five groups responsible for half of all ransomware attacks in the last two years, according to the Abnormal Security report.

Ransomware attacks have targeted healthcare repeatedly in recent years, but Hassold said they are increasingly being deployed at other businesses. Many are aimed at small companies that have less robust defenses against cybersecurity.

Hundreds of cybersecurity incidents involving healthcare organizations were reported in 2021, and experts predicted more attacks are possible this year.

Most healthcare organizations are investing more in cybersecurity, according to a survey released last month by the Healthcare Information and Management Systems Society (HIMSS). But the survey of more than 160 industry professionals revealed many healthcare organizations only have modest resources dedicated to cybersecurity.

Phishing was the most common cybersecurity incident in the HIMSS, followed by ransomware attacks.

Lockbit ransomware attacks involve a number of strategies, the FBI says. Attacks include insiders providing access, existing vulnerabilities that haven’t been repaired, or “zero day exploits,” where hackers find a weakness in the software that even developers and vendors don’t know about.

The FBI Flash alert offers more specific directions to help safeguard systems. Anyone finding suspicious activity is encouraged to contact their local FBI field office.

Last fall, federal authorities warned attackers backed by the Iranian government are targeting healthcare systems and other vital areas.

More from Chief Healthcare Executive

Cybersecurity and hospitals: Looming threats, vulnerabilities, and what can be done