“Maui” ransomware is not about booking a Hawaiian getaway.
The U.S. health care and public health sectors remain choice targets for state-sponsored cyber attackers from North Korea, according to federal investigators.
The FBI, the Cybersecurity and Infrastructure Agency (CISA) and the U.S. Department of Treasury published a joint cybersecurity advisory (CSA) to warn health care providers about Maui ransomware, software used in multiple incidents since May 2021. The advisory came out of a strong partnership among the agencies, CISA Executive Director for Cybersecurity Eric Goldstein said in a news release.
“As the nation’s cyber defense agency, our team works tirelessly in collaboration with partners to publish timely information that can help organizations prevent and build resilience against all cyber threats,” Goldstein said. “This malicious activity by North Korean state-sponsored cyber actors against the healthcare and public health sector poses a significant risk to organizations of all sizes.”
The Maui ransomware encrypts servers responsible for services such as electronic health records, diagnostics, imaging and internal networks, sometimes causing disruptions for long periods, according to the CSA. The “initial access vector(s)” for the attacks is unknown, but the federal regulators expect more attacks.
“The North Korean state-sponsored cyber actors likely assume healthcare organizations are willing to pay ransoms because these organizations provide services that are critical to human life and health,” the CSA said. “Because of this assumption, the FBI, CISA, and Treasury assess North Korean state-sponsored actors are likely to continue targeting (health care and public health sector) organizations.”
The federal agencies discourage health systems from paying ransoms because it does not guarantee files and records will be recovered. However, health care providers should improve cybersecurity practices, report ransomware attacks to law enforcement, and cooperate with investigations.
The CSA included technical details about Maui encryption and recommendations to bolster cybersecurity for health care organizations:
CISA offers free resources online to improve cybersecurity for health care organizations.