In mid-April, the federal government issued a strong warning and recommended practices to health care operators in connection with the Hive hacker group, which has been aggressively targeting health facility networks. Hive has been active since last June, and studies show that it went after 355 companies in its first 100 days of operation; by Q3 of 2021, it was the fourth-most active threat actor against health care.
Why It Matters
Hive exploits several technical features that make its malware both difficult to detect and easy to provide to others; the HHS alert describes the group as "Ransomware as a Service." In addition, Hive is selling data on the dark web as well as extorting victims both to decrypt their infected systems and to prevent the sale of data.
Malware that encrypts a system or its data can significantly impair or even stop normal business operations. In addition, in the health care arena, access to a system by a threat actor may mean that a victimized facility also has to report a data breach of private health information. Having to jump through those hoops brings further business disruption and the potential for both PR implications and enforcement action or fines.