Health Sector Alerted by HHS of Cyberthreat Posed by Qilin Ransomware Group

The Health Sector Cybersecurity Coordination Center (HC3) of the Department of Health and Human Services has issued an advisory regarding Qilin, previously known as “Agenda,” a ransomware-as-a-service group that targets various industries, including healthcare. This group has been actively recruiting affiliates since late 2023 and has developed variants of the ransomware written in Golang and Rust, as reported by HC3. Qilin typically gains initial access through spear phishing attacks and exploits remote monitoring and management tools and other common cyberattack techniques. Additionally, they are known to engage in double extortion.

HC3 has noted that Qilin’s targeting strategy seems to be opportunistic rather than specific. Recently, the group was linked to a ransomware attack on a UK-based blood pathology and diagnostic services provider, resulting in significant disruption to the blood supply and patient care at major hospitals in London. As a result, surgeries and organ transplant procedures had to be canceled. The incident highlights the importance of identifying all life-critical and mission-critical third-party service and supply chain providers for hospitals and health systems. It is recommended that these organizations develop and test business continuity procedures, clinical continuity procedures, and supply chain resiliency measures to ensure they can sustain a loss of access to critical services and supplies for a period of 30 days or longer.

John Riggi, AHA national advisor for cybersecurity and risk, emphasized the need for healthcare organizations to be prepared for cyber threats that target health care delivery systems on a significant scale. For more information on cybersecurity and risk issues, including the latest threat intelligence, contact Riggi at jriggi@aha.org. To access additional cyber and risk resources, visit the AHA website at aha.org/cybersecurity.