Qilin, a ransomware-as-a-service group that targets various industries, including healthcare, has been actively recruiting affiliates since late 2023. This group has developed variants of the ransomware written in Golang and Rust and gains initial access through spear phishing attacks and exploits remote monitoring and management tools and other common cyberattack techniques. Recently, Qilin was linked to a ransomware attack on a UK-based blood pathology and diagnostic services provider, resulting in significant disruption to the blood supply and patient care at major hospitals in London. As a result, surgeries and organ transplant procedures had to be canceled.
The Health Sector Cybersecurity Coordination Center (HC3) of the Department of Health and Human Services has issued an advisory regarding this threat. HC3 has noted that Qilin’s targeting strategy seems to be opportunistic rather than specific. However, their recent attack on a UK-based blood pathology and diagnostic services provider highlights the importance of identifying all life-critical and mission-critical third-party service and supply chain providers for hospitals and health systems.
To ensure they can sustain a loss of access to critical services and supplies for a period of 30 days or longer, it is recommended that these organizations develop and test business continuity procedures, clinical continuity procedures, and supply chain resiliency measures. John Riggi, AHA national advisor for cybersecurity and risk, emphasized the need for healthcare organizations to be prepared for cyber threats that target health care delivery systems on a significant scale. For more information on cybersecurity and risk issues, including the latest threat intelligence
