The Health Sector Cybersecurity Coordination Center (HC3) provides timely updates to the health care sector on cybersecurity threats and mitigation. In the last several weeks, HC3 has issued two alerts worth paying close attention to if you are in the health care sector.

The first, issued on June 18, 2024, warns of Qilin, aka Agenda Ransomware. According to the HC3 threat profile:

Qilin is a ransomware-as-a-service (RaaS) offering in operation since 2022, and which continues to target healthcare organizations and other industries worldwide. The group likely originates from Russia and was recently observed recruiting affiliates in late 2023. The ransomware has variants written in Golang and Rust and is known to gain initial access through spear phishing, as well as leverage Remote Monitoring and Management (RMM) and other common tools in its attacks. The group is also known to practice double extortion, demanding ransom payments from victims to prevent data from being leaked.

The threat actors using Qilin have claimed responsibility for more than 60 ransomware attacks already in 2024.

The second alert, issued on June 27, 2024, relates to a new critical vulnerability discovered in the MOVEit file transfer platform, which is used by many health care organizations. According to HC3, “exploit code is also available to the public, and this vulnerability is being actively targeted by cyber threat actors. All healthcare organizations are strongly urged to identify any vulnerable instances of MOVEit that exist in their infrastructure and patch them as a high priority.”

The vulnerabilities relate to improper authentication processes. Progress, the owner of MOVEit, identified the vulnerabilities in early June and has issued two patches to address them. Security firms have provided additional research on the vulnerabilities which is provided in the Alert. These vulnerabilities are capable of being exploited, and are actively being, exploited if they have not been patched. If exploited, a threat actor could gain access to the environment and cause data loss and compromise. This is considered a critical vulnerability, so assuring your organization has patched these vulnerabilities is crucial.