Tuesday 3rd January 2023

Threat intelligence weekly update | 30th December 2022

Key Issue: Ransomware groups increasingly compromise healthcare sector entities
Cybercriminals: Threat actors use increasing means to routinely target Exchange Servers
Nation-State: BlueNoroff incorporates new techniques to bypass security warnings

Ransomware groups increasingly compromise healthcare sector entities

This week we have reported on two separate ransomware compromises targeting healthcare entities in the US and Canada, including the compromises of the Lake Charles Memorial Health System (LCMHS) in Louisiana and Toronto’s Hospital for Sick Children.


The compromise of the LCMHS exposed personally identifiable information pertaining to almost 270,000 patients and was allegedly undertaken by Hive
Ransomware-as-a-Service group who published the alleged data stolen during the attack. In Toronto, the compromise of the Hospital for Sick Children affected several systems including phone lines, internal timekeeping system for payroll, the prescription system, and doctors’ ability to access lab and imaging results.

Healthcare entities are a high-value target for cybercriminals because not only are they more likely to comply with ransomware demands to provide essential services, but they also typically process large volumes of personally identifiable information that can be used in future operations or sold for a profit. We have seen a sizeable increase in our reporting of ransomware activity against the healthcare sector when compared to 2021, and we assess that 2023 will further underline the increasing nature of this trend.

Subscribe below to receive the full version.

Get our latest cyber intelligence insights straight into your inbox

Fill out the short form below to subscribe to our newsletter so that you never miss out on our cyber intelligence insights and news.