North Korea is actively using ransomware to target healthcare

CISA, the FBI, Department of Treasury, and Infrastructure Security Agency released a joint Cybersecurity Advisory  yesterday to alert the public that North Korea is actively using ransomware to target healthcare.

In an ideal world, we would never have to issue another threat alert. But cyber actors are putting a massive strain on the health, well-being, and finances of U.S. citizens and private sectors. Our mission at Paubox is to ensure that healthcare organizations stay secure and HIPAA compliant through the most significant communication channel today: email. 

Let us help you with the heavy lifting of email cybersecurity, so you can focus on what you do best: taking care of people.

Find out how.

CISA's alert on the North Korean state-sponsored cyber actors

The FBI has observed and responded to multiple Maui ransomware incidents at healthcare and public health organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services, including electronic health records, diagnostics, imaging, and intranet services.

In some cases, these incidents disrupted the services the targeted HPH Sector organizations provided for prolonged periods. The initial access vector(s) for these incidents is unknown.

How to stop cyber actors from actively using ransomware to target healthcare

332 billion  emails are sent daily; it takes one employee to respond to a single phishing email, and then cyber actors are in your organization.  90%  of data breaches occur due to phishing, and employees receive an average of 14 malicious emails yearly. The healthcare risk is real.

Data breach costs are now averaging  $9.3 million  per occurrence and worse impact the  morbidity  and health of U.S. patients.  We urge our healthcare community to take these threats seriously and audit your cybersecurity. The complete list of CISA's recommendations  for the mitigation and  indicators of compromise (IOCs)  can be found here. 

Should you pay the ransom if your healthcare organization is attacked?

The FBI, CISA, and Department of Treasury highly discourage paying ransoms. However, files and records are not guaranteed to be recovered, and sanctions risks may be posed if a ransom is paid.  

In  September 2021, Treasury issued an updated  advisory highlighting the sanctions risks associated with ransomware payments and the proactive steps companies can take to mitigate such risks. U.S. entities should adopt and improve cybersecurity practices. They also need to report ransomware attacks to and fully cooperate with law enforcement.

The Treasury's Office of Foreign Assets Control (OFAC) is more likely to resolve apparent sanctions violations involving ransomware attacks with a non-public enforcement response when affected parties take these proactive steps.

How Paubox can keep your healthcare organization safe from North Korea's ransomware threat

Paubox Email Suite Plus is the patented HIPAA compliant solution to protect your employees from malicious emails like phishing attacks and spam containing viruses , and  malware . Our  HITRUST CSF certified software flags suspicious emails and quarantines them safely away from employees' inboxes.

Paubox's innovative suite of  healthcare-specific tools protects your organization. ExecProtect provides patented security from display name spoofing attacks . 

DomainAge will spot emails with recently registered domain names and quarantine them. It also includes Zero Trust Email , which requires an additional layer of authentication before delivering an email.

Robust  inbound email security  is a necessity for companies these days. Paubox is always innovating and staying ahead of email security threats.

With patented technology developed specifically for healthcare, we are your ally in the war against cybercrime.

HITRUST CSF certified 4.9/5.0 on the G2 Grid Paubox sends 70 million HIPAA certified and secure emails every month.