HHS: New ransomware threat alert for healthcare

Editor's Note

On Friday, June 16, the Department of Health and Human Services (HHS) alerted the healthcare sector of a recent ransomware attack on a US cancer center that “reduced cancer treatment capability, rendered digital services unavailable, and threatened exposure of patient personal health information,” the American Hospital Association (AHA) June 20 reports.

According to the alert, the attack came from a ransomware-as-a-service group called TimiSoaraHackerTeam (THT). The group is “responsible for a recent high-impact ransomware attack that disrupted critical patient care and placed multiple patient lives at risk,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “This little-known group may have connections to Eastern Europe and China, according to cyber research firms, and may be linked to other ransomware groups known as DeepBlueMagic and APT 41.”

THT reportedly uses legitimate computer tools such as BitLocker, BestCrypt, remote desktop protocol, and known vulnerabilities in VPN services. According to Riggi, the current recommendation is “the described tools be immediately patched and closely monitored for unusual activity.”

This newest alert comes at the heels of the June 13 news from Fierce Healthcare regarding a rural Illinois hospital that has partially attributed its closure to a ransomware attack. St. Margaret’s Health, a regional network formed in 2021 when two hospitals (St. Margaret’s Hospital in Spring Valley and Illinois Valley Community Hospital) consolidated operations, is “scheduled to close all hospital, clinic and related facilities at both locations,” the article reported. Suzanne Stahl, chair of St. Margaret’s Health’s parent organization SMP Health, cited a ransomware attack in early 2021 that “prevented the hospital from submitting claims to commercial and public insurers” for a “minimum of 14 weeks” as one of the reasons behind the closure.