These health care-centric attacks should put employers and their benefits partners on notice, as employees' personal health care information may be caught in the crossfire.

HHS is recommending several cybersecurity principles and practices to defend the sector from ransomware attacks and to watch out for things like:

• They conduct double extortion (data theft prior to encryption) and support this with their data leak site which is accessible on the dark web.
• They operate via the ransomware as a service (RaaS) model, which involves them focusing on development and operations of the ransomware and other partners/affiliates to obtain initial access to the victim infrastructure and they leverage Golang, a language used by many cybercriminals to design their malware.
• They leverage common (but effective) infection vectors such as RDP and VPN compromise as well as phishing.
• Their encrypted files end with a .hive, .key.hive or .key extension.
• Some victims have received phone calls from Hive to pressure them to pay and conduct negotiations.

The HC3 note says when defending against Hive or any other ransomware variant, there are standard practices that should be followed. Prevention is always the optimal approach. This includes but is not limited to the following:

• Use two-factor authentication with strong passwords – this is especially applicable for remote access services such as RDP and VPNs.
• Sufficiently backing up data, especially the most critical, sensitive and operationally necessary data is very important. According to HC3, "We recommend the 3-2-1 Rule for the most important data: Back this data up in three different locations, on at least two different forms of media, with one of them stored offline."
• Continuous monitoring is critical, and should be supported by a constant input of threat data.

Read more: 

• Cybersecurity and health care: where the concern lies
• Safeguarding Americans' health information: How do we get there?
• 5 things to do today to improve cybersecurity