On October 23, 2024, the HHS Cyber Security Operations Cyber Threat Intelligence Branch released a list of notable cyber threat actors, including Advanced Persistent Threat (APT) groups and ransomware organizations that continue to target essential sectors.
During the recent Safeguarding Health Information: Building Assurance through HIPAA Security conference held by the HHS Office for Civil Rights and the NIST Information Technology Laboratory, the HHS Cyber Security Operations identified several prominent threat actors.
Their list includes Advanced Persistent Threat (APT) groups like APT28, also known as Fancy Bear, a Russian group known for its espionage efforts targeting military, government, and election systems. The group was involved in the 2016 U.S. election and in the compromise of SolarWinds' software update system, where “they gained unprecedented access to U.S. government agencies and corporations.”
Ransomware groups such as LockBit 3.0 and BlackCat have also been flagged for their evolving tactics, with LockBit’s 2021 attack on Accenture “[showcasing] their audacity in targeting high-profile corporations.”
The Lazarus Group from North Korea has gained notoriety for targeting financial institutions, as evidenced by their nearly $1 billion heist attempt on Bangladesh's central bank in 2018. Meanwhile, the Chinese group APT41 combines espionage with cybercrime, “targeting sectors like healthcare and telecommunications.”
During the conference, HHS Cyber Security Operations Cyber Threat Intelligence Branch Chief Rahul Gaitonde stated, “Global attacks have become more targeted, with a significant rise in zero-day vulnerability exploitation.”
Gaitonde also noted the impact of geopolitical tensions where “State-sponsored cyberattacks are increasingly targeting critical infrastructure and supply chains.”
Advanced Persistent Threats (APT) often involve state-sponsored actors motivated by espionage, while ransomware groups operate for financial gain. Recognizing these differences can help organizations develop targeted defense strategies.
With the continued rise in cyberattacks, understanding the motivations and methods of these actors can inform strategic decisions and improve organizations’ security posture. Moreover, this announcement urges organizations to strengthen their cybersecurity measures and remain vigilant against emerging threats.
A zero-day vulnerability is a security flaw unknown to the software or system vendor, leaving them with ‘zero days’ to prepare a response. These vulnerabilities can exist in any application, operating system, or connected device.
Yes, state-sponsored cyberattacks cause serious disruptions to health systems, compromising patient privacy and security.
Healthcare organizations must conduct regular risk assessments, invest in advanced security measures, and use a HIPAA compliant communication platform like Paubox to secure protected health information (PHI).
Additionally, they should train staff on cybersecurity awareness and develop an incident response plan to counter potential cyberattacks.