The Health Sector Cybersecurity Coordination Center (HC3) provides timely updates to the health care sector on cybersecurity threats and mitigation. In the last several weeks, HC3 has issued two alerts worth paying close attention to if you are in the health care sector.

The first, issued on June 18, 2024, warns of Qilin, aka Agenda Ransomware. According to the HC3 threat profile:

Qilin is a ransomware-as-a-service (RaaS) offering in operation since 2022, and which continues to target healthcare organizations and other industries worldwide. The group likely originates from Russia and was recently observed recruiting affiliates in late 2023. The ransomware has variants written in Golang and Rust and is known to gain initial access through spear phishing, as well as leverage Remote Monitoring and Management (RMM) and other common tools in its attacks. The group is also known to practice double extortion, demanding ransom payments from victims to prevent data from being leaked.

The threat actors using Qilin have claimed responsibility for more than 60 ransomware attacks already in 2024.

The second alert, issued on June 27, 2024, relates to a new critical vulnerability discovered in the MOVEit file transfer platform, which is used by many health care organizations. According to HC3, “exploit code is also available to the public, and this vulnerability is being actively targeted by cyber threat actors. All healthcare organizations are strongly urged to identify any vulnerable instances of MOVEit that exist in their infrastructure and patch them as a high priority.”

The vulnerabilities relate to improper authentication processes. Progress, the owner of MOVEit, identified the vulnerabilities in early June and has issued two patches to address them. Security firms have published additional research on the vulnerabilities, which is included in the Alert. These vulnerabilities can be exploited, and are actively being exploited, where they have not been patched. If exploited, a threat actor could gain access to the environment and cause data loss and compromise. This is considered a critical vulnerability, so ensuring that your organization has patched these vulnerabilities is crucial.

Linn Foster Freedman

Linn Freedman practices in data privacy and security law, cybersecurity, and complex litigation. She is a member of the Business Litigation Group and the Financial Services Cyber-Compliance Team, and chairs the firm’s Data Privacy and Security and Artificial Intelligence Teams. Linn focuses her practice on compliance with all state and federal privacy and security laws and regulations. She counsels a range of public and private clients from industries such as construction, education, health care, insurance, manufacturing, real estate, utilities and critical infrastructure, marine and charitable organizations, on state and federal data privacy and security investigations, as well as emergency data breach response and mitigation. Linn is an Adjunct Professor of the Practice of Cybersecurity at Brown University and an Adjunct Professor of Law at Roger Williams University School of Law.  Prior to joining the firm, Linn served as assistant attorney general and deputy chief of the Civil Division of the Attorney General’s Office for the State of Rhode Island. She earned her J.D. from Loyola University School of Law and her B.A., with honors, in American Studies from Newcomb College of Tulane University. She is admitted to practice law in Massachusetts and Rhode Island. Read her full rc.com bio here.