It has been reported that U.S. cybersecurity and intelligence agencies have published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country. The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS).
The full story can be found here: https://thehackernews.com/2022/10/cisa-warns-of-daixin-team-hackers.html
Ransomware is a growing threat for the healthcare industry. Our analysis shows that in 2021, 108 ransomware attacks affected 2,302 medical organizations, which potentially impacted 19.76 million patient records. We estimate that these attacks cost medical entities almost $7.8 billion in downtime alone.
Daixin Team, like many ransomware attackers, uses phishing to trick victims into handing over the login credentials needed to break into a hospital’s computer system. Specifically, Daixin phishes hospital staff for their VPN credentials, which grants them remote access to the hospital’s network.
Hospital staff who use internet-connected devices at work need to be trained to spot and handle phishing emails. Never click on links or attachments in unsolicited messages, and always verify the sender. Furthermore, implementing multi-factor authentication can prevent many attacks that take advantage of stolen credentials.
Educate! Educate! Educate! This should be the mantra of any organization when it comes to informing their employees and executives of the risks of phishing emails and texts, as well as the other risks of hackers’ social hacking attempts.
The one million patients and employees with info exposed in the breach should stay alert for phishing attempts, new accounts being opened in their name, and other activities enjoyed by bad actors when they score personal data from a new batch of victims. The affected parties should also take advantage of free credit monitoring services being offered.