The group, also known as ALPHV and suspected to be the successor to BlackMatter, has demanded ransoms of up to $1.5 million, with affiliates keeping 80-90%, according to the Office of Information Security at U.S. Health and Human Services and the Healthcare Cybersecurity Coordination Center.
WHY IT MATTERS
The Russian ransomware group allegedly attacked EHR provider NextGen on January 17, The Washington Post reported on Monday.
“The company says it appears that the hacker did not obtain any customer or patient data,” according to the Post report.
Healthcare IT News has reached out to NextGen for comment and will update this story if it responds.
Claiming responsibility, BlackCat “posted a sample of the alleged NextGen information on its extortion site — often used to force victims to pay or risk further exposure — but subsequently removed the NextGen listing,” DataBreaches.net first reported on January 21.
According to a joint OIS and HC3 briefing earlier this month, the group behind the BlackCat ransomware has exceptional capabilities and is believed to be run by experienced cybercriminals.
While they attack critical infrastructure around the world and disrupt operations, like last month’s attack on a major Colombian energy supplier, the majority of the targets are based in the United States.
In December, an analysis by HC3 said, “BlackCat is one of the first major ransomware variants developed using the Rust programming language, has a highly customizable feature set, and relies heavily on internally developed capabilities, under constant development and with upgrades.”
The bad guys use BlackCat for triple extortion: unauthorized access, data theft and file locking, followed by the threat of data leaks and distributed denial-of-service attacks.
In July, Sophos reported that BlackCat ransomware attacks follow a consistent pattern: exploiting known access vulnerabilities, deploying access tools, and uploading data from the server to cloud storage.
THE LARGER TREND
As we previously reported, the BlackMatter ransomware service went silent in October 2021, and early the following year BlackCat emerged as a new brand with two attacks on German oil companies.
“Although the group appears to be retired, other actors looking for lucrative payouts from ransomware attacks will likely fill this void,” HC3 confirmed on September 2, 2022.
With ransomware attacks doubling in recent years, the impact on care cannot be underestimated. In a recent Ponemon Institute report, the most common impact providers identified was an increase in patients being transferred or diverted to other facilities, reported by 70% of those surveyed.
“NextGen Healthcare is aware of this complaint and we have worked with leading cybersecurity experts to investigate and remediate. We immediately contained the threat, secured our network, and are back up and running,” according to a statement the company sent to The Washington Post.
“Our forensic review is ongoing and to date, we have not discovered any evidence of customer or patient data access or theft. The privacy and security of our customer information is of the utmost importance to us.”
Andrea Fox is the senior editor of Healthcare IT News.
Healthcare IT News is a publication of HIMSS.