North Korea is actively using ransomware to target healthcare

Featured image

Share this article

Female and male tech workers at computers wearing professional clothes with headsets on and on a phone, with female boss over their shoulders directing them on what to do on their monitors

CISA, the FBI, Department of Treasury, and Infrastructure Security Agency released a joint Cybersecurity Advisory yesterday to alert the public that North Korea is actively using ransomware to target healthcare.

In an ideal world, we would never have to issue another threat alert. But cyber actors are putting a massive strain on the health, well-being, and finances of U.S. citizens and private sectors. Our mission at Paubox is to ensure that healthcare organizations stay secure and HIPAA compliant through the most significant communication channel today: email. 

Let us help you with the heavy lifting of email cybersecurity, so you can focus on what you do best: taking care of people. Find out how.

CISA’s alert on the North Korean state-sponsored cyber actors

The FBI has observed and responded to multiple Maui ransomware incidents at healthcare and public health organizations. North Korean state-sponsored cyber actors used Maui ransomware in these incidents to encrypt servers responsible for healthcare services, including electronic health records, diagnostics, imaging, and intranet services. In some cases, these incidents disrupted the services the targeted HPH Sector organizations provided for prolonged periods. The initial access vector(s) for these incidents is unknown.

How to stop cyber actors from actively using ransomware to target healthcare

332 billion emails are sent daily; it takes one employee to respond to a single phishing email, and then cyber actors are in your organization. 90% of data breaches occur due to phishing, and employees receive an average of 14 malicious emails yearly. The healthcare risk is real. Data breach costs are now averaging $9.3 million per occurrence and worse impact the morbidity and health of U.S. patients. 

We urge our healthcare community to take these threats seriously and audit your cybersecurity. The complete list of CISA’s recommendations for the mitigation and indicators of compromise (IOCs) can be found here. 

Should you pay the ransom if your healthcare organization is attacked?

The FBI, CISA, and Department of Treasury highly discourage paying ransoms. However, files and records are not guaranteed to be recovered, and sanctions risks may be posed if a ransom is paid. In September 2021, Treasury issued an updated advisory highlighting the sanctions risks associated with ransomware payments and the proactive steps companies can take to mitigate such risks.

U.S. entities should adopt and improve cybersecurity practices. They also need to report ransomware attacks to and fully cooperate with law enforcement. The Treasury’s Office of Foreign Assets Control (OFAC) is more likely to resolve apparent sanctions violations involving ransomware attacks with a non-public enforcement response when affected parties take these proactive steps.

How Paubox can keep your healthcare organization safe from North Korea’s ransomware threat

Paubox Email Suite Plus is the patented HIPAA compliant solution to protect your employees from malicious emails like phishing attacks and spam containing viruses, and malware. Our HITRUST CSF certified software flags suspicious emails and quarantines them safely away from employees’ inboxes.

Paubox’s innovative suite of  healthcare-specific tools protects your organization. ExecProtect provides patented security from display name spoofing attacksDomainAge will spot emails with recently registered domain names and quarantine them. It also includes Zero Trust Email, which requires an additional layer of authentication before delivering an email.

Robust inbound email security is a necessity for companies these days. Paubox is always innovating and staying ahead of email security threats.

With patented technology developed specifically for healthcare, we are your ally in the war against cybercrime.

Try Paubox Email Suite Plus for FREE today.

HITRUST CSF certified
4.9/5.0 on the G2 Grid
Paubox sends 70 million HIPAA certified and secure emails every month.

Author Photo

About the author

Anne-Marie Sullivan

Read more by Anne-Marie Sullivan

Get started with
end-to-end protection

Bolster your organization’s security with healthcare’s most trusted HIPAA compliant email solution

The #1-rated email encryption 
and security software on G2

G2 Badge: Email Encryption Leader Fall 2022
G2 Badge: Security Best Usability Fall 2022
G2 Badge: Encryption Momentum Leader Fall 2022
G2 Badge: Security Best Relationship Fall 2022
G2 Badge: Security Users Most Likely to Recommend Fall 2022
G2 Badge: Email Gateway Best Relationship Fall 2022
G2 Badge: Email Gateway Best Meets Requirements Fall 2022
G2 Badge - Users Most Likely to Recommend Summer 2022
G2 Badge: Email Gateway Best Results Fall 2022
G2 Badge: Email Gateway Best Usability Fall 2022
G2 Badge: Email Gateway Best Support Fall 2022
G2 Badge: Email Gateway Easiest To Use Fall 2022
G2 Badge: Email Gateway Easiest Setup Fall 2022
G2 Badge: Email Gateway Easiest Admin Fall 2022
G2 Badge: Email Gateway Easiest to do Business with Fall 2022
G2 Badge: Email Gateway Highest User Adoption 2022
G2 Badge: Email Gateway High Performer Fall 2022
G2 Badge: Email Gateway Momentum Leader Fall 2022
G2 Badge: Email Gateway Most Implementable Fall 2022
G2 Badge: Email Gateway Users Most Likely to Recommend Fall 2022