Healthcare under attack: The rise of cyber counteroffensive

The healthcare industry is facing a growing threat from cyberattacks, with the recent rise of the Blackcat cyber counteroffensive. This sophisticated and relentless attack has targeted healthcare organizations, causing significant disruptions and compromising sensitive patient data.

What happened

The Blackcat cyber counteroffensive has caused widespread disruption in the healthcare sector. Federal agencies have confirmed that healthcare organizations have been extensively targeted since the DOJ's operation against ALPHV Blackcat. The attacks range from ransomware attacks to data exfiltration, compromising the integrity and confidentiality of sensitive patient information.

The backstory

The Blackcat cyber counteroffensive is a series of coordinated cyberattacks on healthcare organizations worldwide. It is believed to be led by a Russia-based ransomware group known as ALPHV Blackcat. The counteroffensive began after U.S. law enforcement successfully hacked into and seized the group's darknet website and infrastructure in December. In response, the cyberterror gang intensified their attacks on healthcare organizations, making them the primary target.

Going deeper

ALPHV Blackcat has used varied tactics to carry out its cyberattacks on healthcare organizations. One notable tactic is double-extortion, where data is first exfiltrated and then encrypted. This tactic puts pressure on the victims, as the cybercriminals threaten to release the stolen data if their demands are not met. The attackers have also denied using vulnerabilities like the ConnectWise ScreenConnect vulnerability to gain access, further complicating the detection and prevention of these attacks.

What was said

Bleeping Computer reported on Wednesday that, in a statement published on the Blackcat dark web leak site, the cybercriminals alleged that they stole 6TB of data, including data from the U.S. military's Tricare healthcare program, Medicare, CVS Caremark, MetLife, Health Net, and others, from the Change Healthcare network breach.

According to the article, Blackcat claimed to have medical, insurance, and dental records, along with payment and claims data and the personally identifiable information of patients and active U.S. military/navy personnel.

Why it matters 

The Blackcat cyber counteroffensive is part of a larger trend in the healthcare sector. The healthcare industry is an attractive target for cybercriminals due to the value of the data and its perceived vulnerabilities. The increasing reliance on digital systems and the interconnectedness of healthcare networks have created more entry points for attackers.