[ Thursday, July 07, 2022 ]


Those Damned Norks!  Apparently, some North Korea-backed hacker groups are targeting healthcare entities with a relatively new ransomware variant called "Maui."  The FBI and CISA are apparently onto it, having issued a release recently warning of the Maui variant.  I'm not techie enough to be able to say for sure, but it looks like Maui is not best-in-class ransomware.  It does not auto-execute and does not come with an automatic ransom demand. It also does not look like it exfiltrates date; rather, it's simply ransomware (pay us for the decryption key or your data's lost forever), rather than ransomware + data theft (pay ransom, then pay us again not to dump your data on the dark web or otherwise expose it).  If so, then it's less a HIPAA threat from the breach perspective, but would still be a problem since it impacts the "availability" of PHI.  

Hat tip: Jed Morrison.

Jeff [2:10 PM]

Comments: Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template