FBI issues alert on notorious ransomware group that targeted radiology practice
The FBI and other agencies have issued a joint alert, warning healthcare providers and other entities about a notorious hacker group that recently targeted a radiology practice.
SimonMed Imaging confirmed last month it suffered an apparent cyberattack, interrupting infiltrators before data was encrypted. News website SuspectFile reported that ransomware group Medusa had claimed responsibility for the breach, posting files online and demanding $1 million in cryptocurrency.
The FBI, Cybersecurity and Infrastructure Security Agency, and the Multi-State Information Sharing and Analysis Center are now warning others to watch out for Medusa. Its hackers have hit over 300 victims across industries including healthcare, education, legal, technology and manufacturing.
“This well-known foreign ransomware group has conducted high impact ransomware attacks against hospitals, resulting in disruption and delay to healthcare delivery and posing a risk to patient and community safety,” John Riggi, the American Hospital Association’s national advisor for cybersecurity and risk, said in a news update to members shared March 14.
Medusa is a ransomware-as-a-service variant used to conduct these attacks. Its hackers employ common techniques such as phishing campaigns and exploiting unpatched vulnerabilities to target victims, the FBI et al. noted. The agencies are urging organizations to review the advisory and implement strategies to reduce the likelihood of an attack.
Recommendations include:
- Mitigating known vulnerabilities by ensuring operating systems, software, and firmware are patched and up to date within a reasonable time span.
- Segmenting networks to restrict lateral movement from initial infected devices to other devices in the same organization.
- Filtering network traffic by preventing unknown or untrusted entities from accessing remote services on internal systems.
Last month, Scottsdale, Arizona-based SimonMed said it temporarily took systems offline until the situation was contained, and the practice also hired cybersecurity experts to ensure its systems remained safe. Patients later sued SimonMed on Feb. 21, claiming the 200-rad, 170-site practice failed to protect their information.
The cyberattack is one of several suffered by radiology practices over the past year. Pinehurst Radiology Associates in North Carolina reported a recent data breach, as did University Diagnostic Medical Imaging in the Bronx, New York.