A new alert, via the HHS Cybersecurity Program, is reminding healthcare organizations about four Russian threat groups.
As the war continues in Ukraine, U.S. government departments continue to provide guidance to organizations on how to stay ahead of threats connected to Russia.
The United States Department of Health and Human Services (HHS) late last week issued an alert to U.S. healthcare organizations to familiarize themselves with four different threat groups that are posing a risk to healthcare systems.
What’s interesting is that none of the groups are new; the bulk of them have been around for several years – two of them for nearly two decades – but the fact that they’re continuing to pose a problem for defenders demonstrates both their persistence and effectiveness.
The groups covered in the alert include Turla, substantively linked to Russia’s FSB security service; APT29, aka Cozy Bear, widely believed to be connected to Russia’s SVR; APT28, aka Fancy Bear, attributed by the private sector to Russia’s military intelligence service, the GRU; and Sandworm, also connected to the GRU.
While the groups have largely targeted higher-stakes entities in the government and energy industries – Turla hit U.S. Central Command in 2008, APT29 was ultimately linked to the 2020 SolarWinds attacks, and APT28 was behind the 2016 hack of the Democratic National Committee – they do have a few attacks under their belts that implicated the healthcare industry.
The NotPetya ransomware, created and propagated by Sandworm, took medical record systems at dozens of U.S. hospitals offline in 2017.
A year and