Feds Take Action Against Health Care Cyber Threat

August 14, 2025

The U.S. Justice Department this week announced a series of actions against a ransomware group that has targeted hospitals and other health care organizations.

On Monday, the department announced it had taken down four servers and nine domains from the BlackSuit (Royal) Ransomware. The takedown involved a coordinated effort across international agencies and included the seizure of virtual currency valued at  $1.1 million.

“The BlackSuit ransomware gang’s persistent targeting of U.S. critical infrastructure represents a serious threat to U.S. public safety,” Assistant Attorney General for National Security John A. Eisenberg said in a statement.

In a statement, federal officials said the international effort involved seizing servers, domains, and digital assets used by the BlackSuit Ransomware group “to deploy ransomware, extort victims, and launder proceeds of these activities.”

The group’s ransomware attacks have targeted critical infrastructure, including critical manufacturing, government facilities, health care and public health, and commercial facilities, federal officials said.

The Cybersecurity and Infrastructure Security Agency recommends organizations protect themselves against cyber threats by:

• Prioritizing remediating known exploited vulnerabilities
• Training users to recognize and report phishing attempts
• Enabling and enforce multifactor authentication

See a cybersecurity advisory about the ransomware group and additional details about this week’s announcement online.

HAP continues to monitor the latest cybersecurity developments and provide updates to members. For additional information, contact Edward Wurster, III, manager, business continuity and cyber resilience.