International Cyber Expo International Cyber Expo
  • About Us
Sunday, 19 July, 2026
IT Security Guru
International Cyber Expo
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

CISA Warns Health Organisations of Targeted Ransomware Attack by Daixin Hackers

It was reported earlier today, the U.S. cybersecurity and intelligence agencies published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country.

by Guru Writer
October 28, 2022
in Cyber Bites
CISA Warns Health Organisations of Targeted Ransomware Attack by Daixin Hackers
Share on FacebookShare on Twitter

It was reported earlier today, the U.S. cybersecurity and intelligence agencies published a joint advisory warning of attacks perpetrated by a cybercrime gang known as the Daixin Team primarily targeting the healthcare sector in the country.

“The Daixin Team is a ransomware and data extortion group that has targeted the HPH Sector with ransomware and data extortion operations since at least June 2022,” the agencies said.

The alert was published Friday by the Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS).

Further to this, over the past four months, the group has been linked to multiple ransomware incidents in the Healthcare and Public Health (HPH) sector, encrypting servers related to electronic health records, diagnostics, imaging, and intranet services.

Also, it’s said to have exfiltrated personal identifiable information (PII) and patient health information (PHI) as part of a double extortion scheme to secure ransoms from victims.

It appears that one of those attacks was aimed at OakBend Medical Center on September 1, 2022, with the group claiming to have siphoned roughly 3.5GB of data, including over one million records with patient and employee information.

Additionally, it also published a sample containing 2,000 patient records on its data leak site, which included names, genders, dates of birth, Social Security numbers, addresses, and other appointment details, according to DataBreaches.net.

Earlier in the year, on October 11, 2022, it notified its customers of emails sent by “third-parties” regarding the cyber attack, stating it’s directly informing affected patients, in addition to offering free credit monitoring services for 18 months.

Observations show that per the new alert, initial access to targeted networks is achieved by means of virtual private network (VPN) servers, often taking advantage of unpatched security flaws and compromised credentials obtained via phishing emails.

In addition, upon gaining a foothold, the Daixin Team has been observed moving laterally by making use of remote desktop protocol (RDP) and secure shell (SSH), followed by gaining elevated privileges using techniques like credential dumping.

“The actors have leveraged privileged accounts to gain access to VMware vCenter Server and reset account passwords for ESXi servers in the environment,” the U.S. government said. “The actors have then used SSH to connect to accessible ESXi servers and deploy ransomware on those servers.”

Moreover, the Daixin Team’s ransomware is based on another strain called Babuk that was leaked in September 2021, and has been used as a foundation for a number of file-encrypting malware families such as Rook, Night Sky, Pandora, and Cheerscrypt.

Concerning mitigations, it’s recommended that organizations apply the latest software updates, enforce multi-factor authentication, implement network segmentation, and maintain periodic offline backups.

Commenting on the story is Oscar Miranda, Chief Technology Officer for Healthcare at Armis, as he claims that “many mistake ransomware attacks against healthcare providers as efforts to steal Protected Health Information (PHI) and other critical data; however, many launch these attacks purely to disrupt operations enough for organisations to pay to resume critical services. After all, it’s much more efficient and profitable for attackers to extort providers into paying a multi-million-dollar ransom to regain access to their operations than it is to exfiltrate and sell hundreds of thousands of individual health records on the black market.”

“With strained budgets, healthcare providers’ cybersecurity postures are being weakened in a trade-off that’s forcing them to make the tough decision to reallocate funds to areas believed to have the most direct impact on patient care. Yet, the unfortunate reality is that ransomware does impact patient care as well. This disconnect is what’s widening security gaps and worsening the issue across the board.”

“Take connected devices, for example. Hospitals rely on these devices to monitor patients and provide critical care. As such, these assets have become essential to the patient journey, but are the weakest security link in healthcare and serve as an attack vector for ransomware. This is exacerbated when hospitals lack the deep contextual visibility needed to secure these assets. In most cases, they are not even sure how many assets are on the network.”

“Healthcare leaders need to acknowledge these gaps and invest in cybersecurity that bridges them as a key element of ensuring patient safety.”

ShareTweet
Previous Post

Suspected Multimillion-Dollar Fraud Mastermind Arrest

Next Post

Android-Clicker Malware Garners Reaches 20 Million Downloads

Recent News

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

CISOs say boardrooms still don’t grasp the human cyber risk AI is supercharging

July 17, 2026
AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

AI Appreciation Day: Security Leaders Say the Celebration Needs an Asterisk

July 16, 2026
Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

Q&A: Businesses Are Running Out of Time to Prepare for the Quantum Threat, Warns Moona Ederveen-Schneider

July 15, 2026
Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

Proton Launches Business Continuity Service to Keep Firms Communicating Through Outages

July 15, 2026

Eskenzi PR banner ad

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2026 IT Security Guru - Website Managed by Dessol