“As these primarily Russian-speaking foreign ransomware gangs compete for victims to exploit in their own highly competitive criminal subculture, they are forced to evolve their attack techniques,” said John Riggi, AHA’s national advisor for cybersecurity and risk. “Here, the Clop ransomware gang has done so in a very sinister way — by infiltrating themselves into the normal clinical workflow between physicians and developing highly convincing phishing emails based upon the public profiles of clinicians. It is recommended that staff be educated to this latest tactic. It is also recommended that advanced email and endpoint malware protection and detection systems be deployed across the enterprise as a layer of defense to help counter this and all ongoing cyberthreats to hospitals and health systems.”
The Clop ransomware group has been sending health care facilities ransomware-infected medical files disguised to appear to come from legitimate doctors, then requesting a medical appointment in hopes they’ll open and review the documents, the Department of Health and Human Services alerted the health sector.