
HHS cybersecurity center notes “very aggressive” threat by Hive hacking group


Ransomware groups targeting health organizations, physicians’ offices.

The U.S. Department of Health and Human Services (HHS) is warning health care providers about an aggressive cybersecurity threat.

The HHS Health Sector Cybersecurity Coordination Center (HC3) published an analyst note about Hive, known to have been in operation since June 2021 and “very aggressive in targeting the U.S. health sector.”

“Hive is an exceptionally aggressive, financially motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently,” the HC3 warning said. The center cited reports of Hive’s activities, including one that ranked Hive fourth most active among ransomware operators in the third quarter of 2021.

The HC3 note said Hive conducts double extortion, with data theft prior to encryption, and supports it with a data leak site accessible on the dark web.

“They operate via the ransomware as a service (RaaS) model, which involves them focusing on development and operations of the ransomware and other partners/affiliates to obtain initial access to the victim infrastructure,” the HC3 note said.

Hive encrypted files end with a .hive, .key.hive or .key extension.
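A file-name triage for the extensions listed above, as an added example that is not part of the article or the HC3 note. The function names, the sample paths and the `weak_threshold` heuristic for the ambiguous `.key` suffix are assumptions made for illustration.

```python
import os
import sys
from collections import Counter

# Extensions the article lists for Hive-encrypted files.
STRONG_SUFFIXES = (".key.hive", ".hive")  # assumption: uncommon on benign files
WEAK_SUFFIX = ".key"                      # also used by legitimate key files

def classify(name):
    """Return 'strong', 'weak' or None for a single file name."""
    lower = name.lower()
    if lower.endswith(STRONG_SUFFIXES):
        return "strong"
    if lower.endswith(WEAK_SUFFIX):
        return "weak"
    return None

def triage(paths, weak_threshold=5):
    """Group matches by directory; return {directory: (rating, match_count)}.

    'alert'  = at least one strong match in the directory.
    'review' = only .key matches, but at least weak_threshold of them
               (assumed heuristic so one stray key file does not page anyone).
    """
    strong, weak = Counter(), Counter()
    for path in paths:
        kind = classify(os.path.basename(path))
        if kind == "strong":
            strong[os.path.dirname(path)] += 1
        elif kind == "weak":
            weak[os.path.dirname(path)] += 1
    findings = {}
    for directory in set(strong) | set(weak):
        if strong[directory]:
            findings[directory] = ("alert", strong[directory] + weak[directory])
        elif weak[directory] >= weak_threshold:
            findings[directory] = ("review", weak[directory])
    return findings

# Constructed sample paths, not taken from any real incident.
SAMPLE = [
    "/srv/share/billing/q1.xlsx.hive",
    "/srv/share/billing/q2.xlsx.hive",
    "/srv/share/billing/a1b2.key.hive",
    "/srv/share/billing/notes.txt",
    "/home/admin/.ssh/deploy.key",
] + ["/srv/share/scans/%d.key" % i for i in range(5)]

if __name__ == "__main__":
    # With a directory argument, walk it; otherwise run on the sample.
    paths = SAMPLE if len(sys.argv) < 2 else (
        os.path.join(d, f) for d, _, fs in os.walk(sys.argv[1]) for f in fs)
    for directory, (rating, count) in sorted(triage(paths).items()):
        print(rating, count, directory)
```

A match on file names alone is a prompt to inspect the host, not confirmation of encryption.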

“Some victims have received phone calls from Hive to pressure them to pay and conduct negotiations,” the HC3 warning said. “Like some other ransomware variants, Hive searches victim systems for applications and processes which backup data and terminates or disrupts them. This includes deleting shadow copies, backup files, and system snapshots.”

HC3 also recommended prevention as the optimal defense against ransomware variants. Health care computer networks should use measures such as strong passwords and two-factor authentication, sufficient data backups and continuous monitoring.

HC3 published the Hive note on April 18.

The agency this month published a warning to health care systems about the hacking group known as Lapsus$. That group uses diverse techniques and has targeted large firms, including Microsoft.

In March, HC3 issued an alert about the ransomware group Conti, which “has aggressively targeted healthcare organizations since it was first observed in 2019.”

There were no specific or credible threats at the time, but HC3 said U.S. cybersecurity agencies fully expect Conti’s aggressive hacking to continue.
