• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

‘Daixin Team’ cyberattackers threatening health care organizations with ransomware


HHS, FBI, CISA issue joint alert against online threat with tips to bolster computer security.

‘Daixin Team’ cyberattackers threatening health care organizations with ransomware

A cybercrime group is actively targeting health care and public health practices, according to a new joint alert from federal agencies.

“Daixin Team” has been hacking into health-care-related computer networks and using ransomware for data extortion since June, said the advisory from the FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services.

‘Daixin Team’ cyberattackers threatening health care organizations with ransomware

The FBI, the U.S. Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services published this sample ransom note in their advisory about the “Daixin Team.” The hacking group has been targeting health care and public health organizations with ransomware attacks. The federal officials noted the name was spelled "Daxin Team" in this note.

The group has used ransomware to encrypt servers responsible for health care services, including electronic health records, diagnostics, imaging, and intranet services. The group also has exfiltrated personal identifiable information and patient health information, threatening to release the information if a ransom is not paid, the government alert said.

Daixin Team has gained initial access to victims through virtual private network servers. In one case, Daixin Team likely exploited an unpatched vulnerability in an organization’s VPN server.

In another case, the attackers used previously compromised credentials to access a legacy VPN server that did not have multifactor authentication enabled. The federal investigators believe the attackers acquired the VPN credentials using a phishing email with a malicious attachment.

Improve your cybersecurity

The CISA advisory has additional technical details, ransom note samples, and potential cybersecurity improvements online. The details deal with protecting against malicious activity, preparing for, mitigating, preventing, and responding to ransomware.

CISA recommends three actions to take today to mitigate cyber threats from ransomware:

• Install updates for operating systems, software, and firmware as soon as they are released.
• Require phishing-resistant MFA for as many services as possible.
• Train users to recognize and report phishing attempts.


For organizations that have been hacked, the FBI is seeking any information that can be shared, including boundary logs showing communications with foreign Internet addresses, sample ransom notes, communications with Daixin Group hackers, Bitcoin wallet information, decryptor files, or benign samples of encrypted files.

CISA maintains, a website with advisories, security measures, and steps to take if your company is hacked. Organizations should report ransomware incidents to FBI field offices or CISA.

Related Videos
Kyle Zebley headshot
Kyle Zebley headshot