Feds Issue Alert on Black Basta Ransomware Targeting Healthcare


March 20, 2023


The Health Sector Cybersecurity Coordination Center (HC3) issued an alert warning the healthcare sector of the continued threat posed by the Black Basta ransomware gang, which has been observed targeting healthcare organizations.

"Black Basta's high-volume attacks in 2022 suggest that they will continue to attack and extort organizations," Becker's Health IT reports.

"As ransomware as a service threat groups become more prolific, healthcare organizations should remain vigilant and strengthen their defenses against ransomware attacks. Organizations can take several multilayered actions to minimize their exposure to and the potential impact of a ransomware attack."

Takeaway: Ransomware gangs are ruthless and intent on bringing as much pain as possible in order to extract the largest payments possible, and unfortunately, that means they will continue to target those who are most susceptible to extortion. Patients seeking medical care and the organizations that provide it are probably the most vulnerable among us, and these threat groups have continued to target them with some of the most advanced tactics and techniques.  

Black Basta first emerged in the spring of 2022 and quickly became one of the most prolific attack groups with more than 100 known victims. The attacks display sophisticated security evasion and anti-analysis capabilities which hinder detection and investigation. Black Basta also employs a double extortion scheme and maintains an active leaks website where they post exfiltrated data if an organization declines to pay the ransom demand, so we can expect sensitive patient data to be exposed if the victim organizations do not acquiesce to the ransom demands.

With healthcare and other critical infrastructure providers remaining a top target, we recommend building a robust prevention and resilience strategy into all ransomware readiness plans, including endpoint protection solutions, patch management, data backups, access controls, employee awareness training, and organizational procedure and resilience testing.

