HHS warns health care providers of new ransomware threat

ADA offers tips to help dentists protect data

Ransomware responsible for an increasing number of attacks in 2022 could pose a threat to the dental community.

The Health Sector Cybersecurity Coordination Center of the U.S. Department of Health and Human Services released information Dec. 7 about Royal, a human-operated ransomware first seen in 2022 that has demanded ransoms of more than $2 million.

"Due to the historical nature of ransomware victimizing the healthcare community, Royal should be considered a threat to the [health care and public health care] sector," the Health Sector Cybersecurity Coordination Center stated in its note posted to the HHS website.

Royal attacks impacting the health care sector have primarily targeted organizations in the U.S., and in each instance, the attackers claim to have published all of the data they allegedly extracted from the victim.

In addition to using attack methods frequently associated with ransomware, such as phishing; remote desktop protocol compromises and credential abuse; compromises of exploited vulnerabilities, such as VPN servers; and compromises in other known vulnerabilities, Royal has employed new techniques and evasion tactics, including embedding malicious links in Google ads, using an organization’s contact forum to bypass email protections and placing malicious installer files on legitimate-looking software sites.

The ADA offers several tips to help member dentists protect themselves against cyberattacks.

Steps include training staff on basic data security; backing up data regularly and keeping an encrypted copy off-site; being wary of attachments and web links included with suspicious emails; and maintaining cyber defenses, such as anti-virus and anti-malware software.

The ADA also offers continuing education courses on ransomware readiness and phishing and ransomware.