Prolific ransomware group targets healthcare, prompts official warning

Editor's Note

Black Basta, reportedly the second most prolific ransomware group in the world, has healthcare organizations firmly in its crosshairs, according to a May 13 article in the Hippa Journal.

Citing a May 10 bulletin on the group from Health Information Sharing and Analysis Center Healht-ISAC, the article notes that Black Basta has attacked at least two healthcare organizations in the past month. Additionally, "Black Basta affiliates have conducted data theft and encryption attacks in 12 of the 16 critical infrastructure sectors, and recently the group has accelerated attacks on healthcare organizations. According to multiple CNN sources, Black Basta was behind the recent ransomware attack on Ascension which disrupted clinical operations at its 140 hospitals."

The threat prompted the release of joint cybersecurity advisory from the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), Department of Health and Human Services (HHS), and Multi-State Information Sharing and Analysis Center (MS-ISAC). Published as part of CISA’s Stop Ransomware effort, the alert details how the organization has used spear phishing, QakBot malware, and other strategies and tools to exploit vulnerabilities. Potential mitigation strategies include advanced email security, end-user training, and phishing-resistant multi-factor authentication.