
May 20, 2024

BlackCat/ALPHV and Black Basta Ransomware


Marlene Icenhower, BSN, JD, CPHRM



Ransomware attacks are on the rise. Proactive strategies to mitigate cyber risk can help reduce exposure and limit liability.

The Federal Bureau of Investigation (FBI), the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) recently issued Joint Cybersecurity Advisories regarding ransomware variants and ransomware attacks. Ransomware is a type of malicious software that restricts access to data by encrypting files on the system’s hard drive and then demands payment of a ransom in exchange for the key to decrypt the data. Criminal actors may also threaten to expose sensitive data in connection with this cyberextortion attempt.

BlackCat/ALPHV and Black Basta ransomware attacks have impacted hundreds of organizations throughout the world, including healthcare organizations. Both variants gain access to data through phishing attempts, compromised credentials, and exploitation of other known security vulnerabilities. Once in the system, criminal actors quickly encrypt and exfiltrate data, then demand a ransom for the data’s return. 

Ransomware attacks can cause major disruption in the delivery of healthcare by impeding the flow of clinical information, creating delays in patient care, and disrupting portals. Unauthorized disclosure of protected health information (PHI) can result in violations of the Health Insurance Portability and Accountability Act (HIPAA), which may result in fines and penalties. The best way to protect your organization from these cybercrimes is by promoting employee vigilance, heightened security awareness, and preparation. Consider the following when reviewing your organization’s ability to thwart a ransomware attack.

Risk Management Recommendations 

  • Assess the risk. Criminal actors gain access to healthcare data by exploiting known vulnerabilities with deceptive practices, such as phishing. Conduct a risk assessment to understand the vulnerabilities that exist in your organization. Provide cybersecurity training in response to identified areas of risk. Train all users to identify and report all phishing attempts.
  • Prepare for attack. With input from an attorney and local law enforcement officials, create an organizational cyber incident response plan for common or targeted threats. Ensure that the plan provides specific guidance during crucial phases of a cyber incident – before, during, and immediately after the incident. Periodically review the plan to ensure that it is up to date. Train staff regarding their role in responding to a cyber incident and conduct simulations or drills on a regular basis.
  • Back up data. Ensure that all systems necessary for organizational operations are backed up regularly. Regardless of your chosen backup method, store backups separately from the main system and test backups on a regular basis. 
  • Optimize security software. Work with your IT department to optimize antivirus software and firewalls to protect against cyberattacks. Regularly update software to block new and emerging cyber threats before they cause harm. Install security updates to operating systems and security software immediately upon release. Require multifactor authentication for as many services as possible. 
  • Report attacks. Report all ransomware incidents to your local FBI field office. Prompt reporting provides the FBI with vital information that can prevent future attacks. In addition to reporting attacks to law enforcement, report ransomware incidents to your cyber insurance carrier immediately. Work with an attorney to understand your obligation to report ransomware attacks to state or regulatory agencies.
  • Review insurance coverage. Meet with your insurance agent or broker to evaluate whether your existing insurance coverage is adequate. Ensure that you fully understand the provided coverage, policy terms, and resources available through your cyber insurance provider. 

Ransomware attacks are on the rise, especially in the healthcare arena. Proactive strategies to mitigate cyber risk can help reduce exposure and limit liability. 

Copyrighted. No legal or medical advice intended. This post includes general risk management guidelines. Such materials are for informational purposes only and may not reflect the most current legal or medical developments. These informational materials are not intended, and must not be taken, as legal or medical advice on any particular set of facts or circumstances. 

