Dive Brief:
- The HHS' Health Sector Cybersecurity Coordination Center is cautioning the healthcare industry that Venus ransomware operators are targeting remote desktop services to encrypt Windows devices. At least one health organization in the United States has been a victim, according to the cybersecurity center, also known as HC3.
- The warning comes on the heels of an extensive ransomware attack in October at CommonSpirit Health, one of the country’s largest healthcare organizations. CommonSpirit, which did not identify the type of ransomware that gained access to its system, was still working last week to restore some functions lost in the attack.
- The Venus ransomware, which began operating in mid-August, has breached systems worldwide, HC3 said in an analyst note. The report identifies indicators of the Venus variant and recommends a number of ways to protect against the ransomware.
Dive Insight:
Ransomware incidents are on the rise in the healthcare industry as attackers eye the vast stores of patient data collected by providers. Venus is the latest in a wave of threats that HHS has sounded the alarm over in the past year, with previous alerts focused on ransomware groups such as Daixin Team and Hive.
Ransomware attacks on healthcare organizations doubled last year compared to 2020, affecting two-thirds of those polled by Sophos. The cybersecurity firm also found threats are increasing in complexity and impact.
Cyber threats to third parties such as medical device suppliers and supply chain vendors are also skyrocketing, the American Hospital Association has warned.
HC3 said the Venus ransomware will attempt to terminate 39 processes associated with database servers and Microsoft Office applications. To shield against such attacks, it is vital to put publicly exposed remote desktop services behind a firewall, the report said.
Also known as Goodgame, the ransomware uses algorithms to encrypt files and will append the “.venus” extension. In each encrypted file, a “goodgamer” file marker and other information are added to the end of the file.
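A triage sketch for the two file indicators described above, added here as an example and not taken from the HC3 note or any vendor tool: it flags files by the ".venus" extension and by a "goodgamer" marker near the end of the file. The 4096-byte search window, the labels and the function names are assumptions, and the sample files are constructed.

```python
import os
import tempfile
from pathlib import Path

MARKER = b"goodgamer"   # file marker named in the HC3 note
EXTENSION = ".venus"    # appended extension named in the HC3 note
TAIL_BYTES = 4096       # assumption: search window measured back from end of file

def read_tail(path, n=TAIL_BYTES):
    """Return the last n bytes of a file without loading the whole file."""
    with open(path, "rb") as fh:
        size = fh.seek(0, os.SEEK_END)
        fh.seek(max(0, size - n))
        return fh.read()

def classify(path):
    """Label one file by which of the two indicators it carries, or None."""
    has_ext = Path(path).suffix.lower() == EXTENSION
    try:
        has_marker = MARKER in read_tail(path)
    except OSError:
        has_marker = False  # unreadable (locked, permissions): judge by name only
    if has_ext and has_marker:
        return "extension+marker"
    if has_marker:
        return "marker-only"      # marker present under a different file name
    if has_ext:
        return "extension-only"   # name matches, marker not found in the window
    return None

def scan(root):
    """Walk root and return {relative path: label} for every flagged file."""
    hits = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            label = classify(full)
            if label:
                hits[os.path.relpath(full, root)] = label
    return hits

def demo():
    """Run scan() over constructed sample files (not real ransomware output)."""
    with tempfile.TemporaryDirectory() as d:
        Path(d, "report.docx.venus").write_bytes(b"\xaa" * 8192 + MARKER + b"\x00" * 32)
        Path(d, "renamed.bak").write_bytes(b"\xbb" * 512 + MARKER)
        Path(d, "notes.venus").write_bytes(b"plain text, no marker")
        Path(d, "clean.txt").write_bytes(b"hello")
        return scan(d)

if __name__ == "__main__":
    print(demo())
```

Calling `scan()` on a file share or backup mount gives a quick count of affected files during incident scoping; an "extension-only" hit deserves a manual look before it is counted as encrypted.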
HC3 recommends organizations implement a recovery plan to retain multiple copies of data and servers in a physically separate location; segment networks and password-protect offline backups of data; regularly update antivirus software; and immediately install updates and patches for operating systems, software and firmware.
The report also advises adding a banner to emails from outside the organization, disabling unused ports, disabling hyperlinks in received emails, enforcing multi-factor authentication, using NIST standards for password policies and considering rate limiting to slow the speed at which attackers can guess logins.
Saying that cyber vulnerabilities increasingly threaten patient safety and leave organizations exposed to data theft, Sen. Mark Warner, chairman of the Senate Select Committee on Intelligence and a Virginia Democrat, released a white paper this month proposing regulatory requirements for health systems to improve cybersecurity.