HC3 Warns Health Care Organizations About Potential Lapsus$ Attacks
According to the TLP white warning, the hacking group’s motivations are likely financial gain and destruction, and they use bribery and non-ransomware extortion against high-profile organizations. HC3 also noted that the organization may be made up of young operators who do not use overly sophisticated tools.
The center highlighted the group’s attack on identity management service provider Okta in January because of its implications for the health care sector. During the attack, Lapsus$ posted screenshots of Okta’s internal resources and potentially acquired a list of domain passwords from one of its customers, HealthITSecurity reported.
The hacking group was also able to use distributed attack vectors to compromise multiple Okta customers in a single attack. The operation was similar to the SolarWinds hack and the Log4Shell vulnerability exploit.
HC3 has urged health care organizations to remain on high alert against the hacking group. Entities must also assume that Lapsus$ will steal data for extortion purposes, target managed service providers and look for targets of opportunity.
HC3 also pointed out that even as law enforcement agencies try to crack down on the group’s operations, members will still operate under the same group or other organizations. The group’s diversity also makes it difficult for law enforcement to completely stop its operations, and the diversity of its tactics makes Lapsus$ hard to detect.
Health care organizations should also implement multi-factor authentication, virtual private networks, zero trust security and network segmentation.