#StopRansomware: Black Basta Poses Concerns for Health Care
May 14, 2024
A notorious ransomware group has set its sights on the health care sector.
Last week, several federal agencies released a joint advisory about Black Basta, a “ransomware variant whose actors have encrypted and stolen data from at least 12 out of 16 critical infrastructure sectors, including the Healthcare and Public Health (HPH) Sector.”
The emergence of another ransomware threat is the latest reminder of the ways bad actors are targeting health care. These issues have accelerated with the return of ALPHV Blackcat earlier this year.
“It is recommended that this alert be reviewed with high urgency and the identified ransomware signatures be immediately loaded into network defenses and threat hunting tools,” John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, said in a statement. “It is also recommended that the identified cyber risk mitigation practices be implemented as soon as feasible.”
Here's what you need to know:
- About: Black Basta uses phishing and other techniques to exploit known vulnerabilities. The group uses double-extortion models that encrypt systems and exfiltrate data.
  - The Russia-backed group will give victims 10 to 12 days to pay the ransom before publishing the data.
- What you can do: The federal government recommends keeping operating systems and software updated; requiring phishing-resistant multi-factor authentication; training employees to identify phishing attempts; securing remote access software; and making backups of critical systems.
- Key guide: Additional mitigations from the federal government are available online.
- In the news: Earlier this month, Ascension reported a ransomware attack that had disrupted patient care and said it “will take time to return to normal operations.” The organization operates health care facilities in 11 states.
  - Media reports have linked the attack on the St. Louis-based health system with the Black Basta group.
- Bottom line: “Health care organizations are attractive targets for cybercrime actors due to their size, technological dependence, access to personal health information, and unique impacts from patient care disruptions,” the advisory notes.
The joint advisory and information from the Health Information Sharing and Analysis Center are available online.
HAP continues to monitor the latest cybersecurity developments and provide updates to members. For more information, contact Jason Tomashunas, MS, CHEP, manager, emergency management.