The BlackCat ransomware group is flexing its muscle with cyber attacks on healthcare. The latest was against NextGen Healthcare, an Atlanta-based electronic health record vendor with more than 2,500 healthcare organization customers. As of January 23, NextGen told the Washington Post that no patient data has been accessed or exfiltrated, and says that its systems are secure and operating as usual.
A spokesperson for the ransomware group also will not confirm that it has NextGen’s patient data. But this was 3 days after BlackCat had posted NextGen on its leak site. As reported by DataBreaches.net, NextGen then disappeared from the site. They may be in negotiations, or matters may have been resolved. What happened isn’t known at this time.
The BlackCat group (also known as AlphV) is sophisticated, mature and growing. With ties to ransomware groups in Russia going back for years, BlackCat/AlphV is believed to have been responsible for the Colonial Pipeline hack in May, 2021. Since then they’ve attacked agricultural companies, colleges and universities,
BlackCat Threatens Healthcare
Although the final story of the NextGen hack is unclear, the threat to healthcare is real. Less than two weeks ago the U.S. Department of Health and Human Services (HHS) issued a threat brief warning healthcare organizations about BlackCat, calling them “a relatively new but highly-capable ransomware threat to the health sector.”
If you haven’t already, now is the time to review the HHS brief to learn more about BlackCat ransomware and how to defend against their attacks. The brief contains extensive technical guidance for IT professionals’ use.
The brief also notes:
- The BlackCat group uses “triple-extortion” meaning its ransomware attacks are accompanied by threats to leak data unless paid, and it uses distributed denial-of-service attacks to disable websites.
- It has ties to older, infamous Russian ransomware gangs, such as Darkside/Black Matter and REvil.
- It favors U.S. targets (not uncommon for ransomware groups).
Fight Back with Strong Cybersecurity
You don’t need to wait for bad things to happen. Use the threat brief noted above to refine your defenses. In addition to the material in the brief, HHS recommends organizations review and use CISA’s Free Cybersecurity Services and Tools.