Ransomware threat actors are continuing to target the healthcare sector. Within the past month, four hacking groups have posted data allegedly stolen from nine healthcare providers, while an attack on a vendor disrupted care at two cancer treatment facilities.
Earlier this month, a ransomware attack on vendor Elekta drove two of its providers offline. A spokesperson told HealthITSecurity.com that the attack on its cloud-based systems was detected in the early hours of April 6.
“This issue was only isolated to a subset of US Cloud Customers due to our Geographical and Service Segmentation in Cloud Services,” an Elekta spokesperson said in an emailed statement. “No other Elekta servers, services or products have been affected. This appears to have been a ransomware attack intended to encrypt the data stored on this system,” they continued. “There is no evidence that any data were extracted or copied, and we do not believe that the hackers have any of the stored data in their possession.”
Attackers have been actively targeting vulnerabilities in the system for more than a year to gain access to networks. Cobalt Strike was most recently used in the supply chain attack against SolarWinds Orion.
Elekta has since isolated the account and server, and contained the threat. The team will continue to perform a forensic review to find the source of the attack.
Read the article in its entirety for more information on current data exfiltration attempts.
How You Can Protect Yourself And Your Organization:
Healthcare entities, which are prime targets given their access to sensitive data stores and their need for continual data access, should review previous ransomware guidance to close any security gaps. Data inventories and patch management processes should also be assessed, as threat actors continue to exploit vulnerable endpoints to gain access to networks.