Black Basta Ransomware Group Accelerates Attacks on the Healthcare Sector

On May 10, 2024, the Federal Government issued a joint advisory as the Black Basta Ransomware Group continues accelerating attacks on the healthcare sector.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency, the U.S. Department of Health and Human Services (HHS), and the Multi-State ISAC released a joint cybersecurity advisory to provide information on Black Basta. The Health-ISAC also issued a bulletin warning hospitals and other healthcare sector entities of a significant acceleration in cyberattacks by the Black Basta Ransomware Group.

Black Basta is a ransomware variant that has encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector. As of May 2024, Black Basta affiliates have impacted over 500 organizations globally.

Black Basta affiliates use standard initial access techniques—such as phishing and exploiting known vulnerabilities—and then employ a double-extortion model, both encrypting systems and exfiltrating data.

Healthcare organizations are attractive targets for cybercrime actors due to their size, technological dependence, access to personal health information, and the unique impact that disruption has on hospital operations and patient care.

The federal agencies urge organizations to apply the recommendations in the Advisory’s mitigations section to reduce the likelihood of compromise from Black Basta and other ransomware attacks.

Actions for critical infrastructure organizations to take today to mitigate cyber threats from ransomware:

  • Install updates for operating systems, software, and firmware as soon as they are released.
  • Require phishing-resistant MFA for as many services as possible.
  • Train users to recognize and report phishing attempts.

This joint advisory provides tactics, techniques, and procedures (TTPs) and indicators of compromise (IOCs) obtained from FBI investigations and third-party reporting.

This alert highlights the continued and evolving threats facing the healthcare industry and the need for heightened security measures within the healthcare sector. If you have any questions, or if your customers need assistance, have them reach out, or we can coordinate a meeting to discuss further.

Author: Jason Spezzano, Executive Cybersecurity Advisor
