Another Credible Health Care Cybersecurity Threat

November 10, 2023

The federal government is warning the health care community about another emerging digital threat that recently targeted an organization providing medical scans and radiology services.

In an industry alert, the Office of Information Security and the Health Sector Coordination Center warned about the emergence of the Blacksuit gang, which uses a “a double extortion method that steals and encrypts sensitive data on a compromised network.”

“With only a small number of victims, the ransomware gang is considered more infamous for their purported connections to the more prolific Royal ransomware family,” alert noted.

Here’s what you need to know:

• About:  BlackSuit targets Linux and Windows systems, preventing victims from accessing their sensitive files by encrypting them and attempting to coerce victims into paying a ransom demand.
  • The attack comes through infected email attachments, torrent websites, and malicious ads.
• Recent attack:  During October, the BlackSuit gang targeted a victim that provides medical scans and radiology services, causing the victim to shut down computer systems and turn away patients at fixed-site locations.
  • The ransomware group has targeted the U.S., Canada, Brazil, and the United Kingdom.
• Possible ties:  The ransomware group has been cited in a small number of attacks and could be an affiliate to other groups (Conti and Royal) that have targeted the health care sector.
• Quotable:  “The value of (health and public health) data, in particular, signals that the health care industry will remain a viable target to this threat actor,” the alert notes.

The full alert is available online.

The federal government recommends health care organizations reference resources to Stop Ransomware and bolster digital safety.