U.S. federal authorities, through the Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center (HHS HC3), have issued a renewed warning to the healthcare sector concerning the increasing threats posed by the Akira ransomware group. This alert follows recent cyberattacks, with one specifically targeting an IT system used by emergency dispatchers in Bucks County, Pennsylvania, causing a significant disruption lasting over a week. The HHS HC3 emphasizes that Akira, operational since March 2023, has emerged as a substantial and concerning threat to both public and private healthcare sectors in the United States.
Akira ransomware attacks have affected around 81 victims globally, with a particular focus on U.S. organizations, especially in California, Texas, Illinois, and the Northeast. The targeted sectors extend beyond healthcare to include materials, manufacturing, goods and services, construction, education, finance, and legal industries. The recent incident in Bucks County, Pennsylvania, took the Department of Emergency Communications’ computer-aided dispatch (CAD) systems offline for nine days. The county did not negotiate with the attackers or pay a ransom, and is actively working on restoring affected systems.
Furthermore, the HHS HC3 suggests that the current Akira threat does not appear linked to a 2017 variant with the same name. However, it notes connections between the Akira ransomware-as-a-service group and the now-defunct Conti gang. The group's modus operandi involves exploiting vulnerabilities in VPN software and spear-phishing for initial access, followed by reconnaissance, credential acquisition, and the eventual deployment of ransomware. The federal alert advises healthcare organizations to implement measures such as multifactor authentication for VPNs, robust patch management, and monitoring for unusual activities to defend against Akira attacks.