November 04, 2022

Joint Cybersecurity Advisory: Daixin Team Targeting U.S. Businesses in the Healthcare and Public Health Sector

The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and HHS released a joint cybersecurity advisory providing information on a cybercrime group called “Daixin Team.” This cybercrime group is currently targeting U.S. businesses in the public health and healthcare sectors, using ransomware and other methods for extorting data. 

The Daixin Team deploys ransomware to encrypt servers that manage healthcare services, including diagnostic, imaging, and electronic medical record services. This group gains initial access through virtual private network (VPN) servers, particularly servers without multifactor authentication. The advisory details various tactics used to infiltrate vulnerable servers. 

To defend against Daixin Team and other malicious activity, the FBI, CISA, and HHS make numerous recommendations, including urging healthcare and public health sector organizations to promptly install updates for software, firmware, and operating systems; to secure and monitor Remote Desktop Protocol (RDP); to secure PII/PHI where it is collected; and to encrypt data, both in transit and at rest.

The material in all ABA publications is copyrighted and may be reprinted by permission only. Request reprint permission here.