Hospitals warned of accelerating attacks on health care by Black Basta ransomware group

In an urgent May 10 Threat Bulletin (TLP: White), the Health Information Sharing and Analysis Center issued a warning to hospitals and other health care sector entities of a significant acceleration in cyberattacks by the Black Basta ransomware group. Black Basta uses double extortion tactics by first encrypting victims' data and then threatening to leak sensitive information on their Tor public leak site.

AHA members received a Cybersecurity Advisory with details on the threat, along with technical mitigation recommendations. Hospitals are urged to share this information with their IT and cyber infrastructure teams.

"Recent actionable threat intelligence provided by our partners in the Health-ISAC and government agencies indicate that this known Russian-speaking group is actively targeting the U.S. and global health care sector with high-impact ransomware attacks designed to disrupt operations," said John Riggi, AHA's national advisor for cybersecurity and risk. "It is recommended that this alert be reviewed with high urgency and the recommended technical mitigations be put in place. We anticipate additional threat intelligence in the near term, which will be further disseminated to the field."

If you have further questions, please contact Riggi at [email protected].