
Russian Cyberattacks Focus on Healthcare



Over the last three months, the information systems of at least four US healthcare organizations have been targeted by Russian cyberattacks. On August 24, 2022, the Health Sector Cybersecurity Coordination Center (HC3) cautioned that hackers known as the Karakurt gang were focused on the healthcare industry. The gang has links to the well-known Russian ransomware group, Conti.

The HC3 report recommends that the Public Healthcare Sector swiftly apply cyberattack prevention measures to intercept unwanted intrusions into their information systems. These Russian cyber threats were made known in March when President Biden issued a statement identifying the immediate danger of Russian-backed hackers.

Russian Ransomware Demands

The Russian cyberattack group, the Karakurt gang, appeared less than a year ago. They specialize in stealing data and demanding payment, threatening that otherwise the data will be sold on the dark web or released publicly. They demand payment in Bitcoin, with ransoms ranging from $25,000 to $13 million. Typically, the deadline for payment is only one week after the Russian ransomware hackers make their demands known.

One of the most recent victims of this Russian ransomware is Methodist McKinney (Texas) Hospital. On August 19, 2022, the Russian ransomware group contacted the hospital to inform management that they had captured confidential information and were ready to release it into the public domain. The group had stolen 360 gigabytes of information, including financial data, protected patient information, contracts, social security numbers, and confidential financial documents.  

Healthcare Organizations & Russian Cyberattacks

Russian cyberattacks often access information systems using compromised user identities. In response to the increase in Russian ransomware attacks, the Cybersecurity and Infrastructure Security Agency and the NIST Cybersecurity Framework offer advice on prevention, mitigation, and recovery from Russian as well as other cyberattacks.

Cybersecurity recommendations stemming from this and previous attacks include:

  • Employees should get access only to the information needed to do their jobs.
  • Using strong passwords and dual authentication.
  • Emails with links to external websites can also be problematic. The links should be disabled and employees educated on the dangers of external links.
  • When employees leave a company, offboarding procedures that close all access to passwords must be carried out swiftly.
  • The organization should have contingency plans in case of any cyberattacks, including Russian cyberattacks.

If a provider or provider group is unaware of these issues, the time to get informed is now.

6 months ago

Your title implies the attacks are by the Russian Government but a closer read seems to say it is a private criminal group. If a private criminal group in the US attacks a company in a foreign country would you title that America cyberattacks France? You have lost credibility with me since you seem to prey on the current anti-Russian sentiment.
