A recently released report by Microsoft shows a cybersecurity group seemingly posing a risk to healthcare organizations.
On September 26, 2024, Microsoft’s Threat Intelligence team reported the emergence of a new ransomware threat actor known as Storm-0501. The group, active as early as 2021, started out targeting U.S sectors like government, manufacturing transportation, and law enforcement. This focus has changed recently to hospitals, raising concerns about potential threats to public safety and the cybersecurity of medical data.
According to the report, Storm-0501 employs advanced techniques like exploiting weak credentials and over privileged accounts to infiltrate both on premises and cloud environments. The group has been observed stealing credentials to gain control over networks and create persistent backdoor access to deploy ransomware. Once inside Storm-0501 follows the same script as most threat actors, they encrypt files and demand ransom payment for restoration.
In response to the rise in Cybersecurity threats like the Change Healthcare cyberattack and the increase in the targeting of health data, U.S. Senators Ron Wyden and Mark Warner have introduced the “Health Infrastructure Security and Accountability Act”. The legislation aims to improve cybersecurity in the American healthcare system.
In a press release, Wyden criticized healthcare megacorporations for failing to meet basic cybersecurity standards while Warner discussed the need for mandated protocols and resources for rural hospitals. The proposed bill would enforce minimum cybersecurity standards for healthcare entities, remove existing caps on fines for noncompliance, and provide funding for hospitals.
The Microsoft Threat Intelligence report provides, “Storm-0501 is the latest threat actor observed to exploit weak credentials and over-privileged accounts to move from organizations’ on-premises environment to cloud environments. They stole credentials and used them to gain control of the network, eventually creating persistent backdoor access to the cloud environment and deploying ransomware to the on-premises.”
In the press release for the “Health Infrastructure Security and Accountability Act,” Warner said, “Cyberattacks on our health care institutions threaten patients’ most private data and delay essential medical care, directly endangering Americans’ lives and long term health. With hacks already targeting institutions across the country, it’s time to go beyond voluntary standards and ensure health care providers and vendors get serious about cybersecurity and patient safety. I’m glad to introduce legislation that would mandate sensible cybersecurity protocols while also getting resources to rural and underserved hospitals to ensure they have the funding to meet these new standards.”
Related: HIPAA Compliant Email: The Definitive Guide
Unauthorized individuals gain access to sensitive or confidential data.
A type of malicious software that encrypts a victim's files and demands a ransom payment to restore access.
The unauthorized transfer of data from a computer or network.