news-24092024-124947

Cybersecurity Threats to US Healthcare Sector: INC Ransomware Attacks

A recent report from BleepingComputer has highlighted the growing threat of ransomware attacks in the U.S. healthcare sector. The attacks, using the INC ransomware payload, have been attributed to the Vanilla Tempest threat operation, also known as Vice Society and DEV-0832.

Vanilla Tempest, previously linked to the Rhysida ransomware group, gained initial network access through Storm-0494’s Gootloader malware attacks. The group then deployed the Supper malware, the AnyDesk remote monitoring tool, and the MEGA data synchronization tool. This allowed them to move laterally within the network and eventually execute the INC ransomware.

One incident involved a Michigan-based non-profit healthcare system, McLaren Health Care, which experienced disruptions due to an INC ransomware attack. This comes after the source code of the INC Ransom ransomware-as-a-service operation was reportedly sold on hacking forums by a threat actor named “salfetka.”

In addition to these attacks, there have been concerns about the exposure of sensitive data. A recent incident involved Star Health data being exposed via Telegram bots, allowing free access to a large number of data samples and claim documents. Despite efforts to shut down these chatbots, more have emerged to distribute the stolen data.

Furthermore, there has been a crypto heist against BingX resulting in the theft of over $44.7 million. An investigation conducted with blockchain security firm SlowMist highlighted the severity of the incident, with BingX taking immediate action to secure its assets and implement emergency procedures in response to the unauthorized network access.

These developments underscore the urgent need for enhanced cybersecurity measures within the healthcare sector. As threats continue to evolve and cybercriminals become more sophisticated, organizations must prioritize the protection of sensitive data and critical infrastructure to safeguard against potential attacks. The collaboration between security firms and affected organizations is crucial in mitigating the impact of cyber threats and ensuring the resilience of healthcare systems in the face of growing cybersecurity challenges.