The U.S. Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center, known as “HC3,” recently published an Analyst Note (Report: 202204181300) on the Hive ransomware group. 

HC3 described Hive as “an exceptionally aggressive, financially-motivated ransomware group known to maintain sophisticated capabilities who have historically targeted healthcare organizations frequently.” Hive is a well-known cybercrime group that has quickly established a reputation since June 2021, when it is known to have become operational. HC3 cites a report that listed Hive as the fourth most active ransomware operator just months after it became operational. One report credits Hive with attacking an average of three companies per day, breaching over 350 organizations in the first four months of known operation.

According to HC3, Hive follows practices that are standard among ransomware groups, but also has a “set of unique capabilities which make them especially noteworthy.” According to HC3, Hive’s operations include:

  1. Conducting double extortion (data theft before encryption);
  2. Supporting extortion activity with a data leak site on the dark web;
  3. Being involved in the development and operation of ransomware;
  4. Leveraging a programming language often used by criminals (Golang);
  5. Encrypting files with a special extension; and
  6. Searching for applications and processes that back up data, then terminating or disrupting those processes.

“HC3 recommends the Healthcare and Public Health (HPH) Sector be aware of their operations and apply appropriate cybersecurity principles and practices found in this document in defending their infrastructure and data against compromise.”  In its Note, HC3 recommended several steps to assist entities with reducing the odds of cyber-attacks.  For example, HC3 reiterated the use of two-factor authentication with strong passwords, continuous monitoring, and following the “3-2-1 Rule,” which provides that data should be backed up in three different locations, on at least two different forms of media, with one of them stored offline.

While HC3 may not be in the public’s view as frequently as other agencies, it provides good information for entities in any industry, particularly the health care industry. HC3 was established in response to the Cybersecurity Information Sharing Act of 2015, which is a federal law that seeks to improve U.S. cybersecurity through enhanced information sharing about cybersecurity threats, and for other purposes. HC3, which falls under the HHS’ Office of the Chief Information Officer, is HHS’ “focal point for cybersecurity collaboration with the Healthcare and Public Health Sector.” One of its roles is to collaborate with the Healthcare and Public Health sector to identify and understand threats, including learning the patterns and trends of adversaries, and to communicate information to the sector so that it can better defend against cyber threats. The HC3 website is located here and its Hive report can be read here.

The attorneys at Chilivis Grubman assist businesses of all types and sizes in connection with HIPAA-related matters, including breach response, breach notification, OCR investigations, and resulting civil litigation.  If you need assistance with such a matter, please contact us today.