Issue link: https://beckershealthcare.uberflip.com/i/1468176
36 CIO / HEALTH IT Ransomware group operates like regular company, with HR department, 'employee of the month' By Naomi Diaz L eaked documents show that ransomware group Conti operates like a regular com- pany, with salaried workers, bonuses, performance reviews and even "employees of the month," CNBC reported April 13. A series of leaked documents published Feb. 28 has revealed the internal structures of Con- ti, a Russian-affiliated group identified by the FBI as one of the most prolific ransomware groups of 2021. Here's what the documents say: • Conti has clear management, finance and human resource functions, along with a clas- sic organizational hierarchy with team leaders that report to upper management. • Conti has physical offices in Russia, and may have ties to the Russian government. • e group has salary workers, some of which are paid in bitcoin. • Negotiators receive commission from ran- soms ranging from 0.5 percent to 1 percent. • Conti has an employee referral system, in which bonuses are given to employees who've recruited others who worked for at least a month. • An employee of the month earns a bonus equal to half their salary. • Conti hires from Russian headhunting ser- vices, and the criminal underground. • Some employees may not know that they are working for a cybercriminal group, as Conti tells candidates that they are an adver- tising group. e Russian government has denied that it takes part in cyberattacks. n HHS sounds alarm on 'exceptionally aggressive' ransomware group By Naomi Diaz T he HHS Cybersecurity Program issued an alert April 19 to healthcare providers warning them to defend against Hive, the "exceptionally aggres- sive" ransomware group. Four things to know about the cyber group, according to the warning: 1. The group uses many common ransomware tactics, in- cluding the exploit of remote desktop protocol or VPN, and phishing attacks, in addition to more aggressive methods like directly calling the victims to apply pressure and negotiate ransom payments. 2. Other tactics deployed by the group include searching the victim's systems that are tied to backups and either terminating or disrupting those connections, deleting shadow copies, backup files and even system snapshots. 3. Hive also conducts double extortion and supports this with their data leaks site, while operating as a ransom- ware-as-a-service model. 4. In total, Hive has claimed attacks on approximately 355 companies within 100 days of operations. HHS is urging healthcare organizations to increase its preventive security measures, such as two-factor authen- tication, strong passwords, sufficient backups of the most critical data and continuous monitoring. n Antitrust advocates are worried about Amazon's telehealth push By Georgina Gonzalez A host of deals made by Amazon signal the tech gi- ant's ambitions in telehealth, raising alarm bells for antitrust advocates who fear Amazon will dominate the market, Politico reported March 30. Amazon in February inked a deal with Teladoc to allow the service to be used through Alexa, and also expanded its own telehealth services nationwide. Idris Adjerid, PhD, a Virginia Tech professor of business in- formation technology, told Politico that Amazon's ability to integrate services across its multiple offerings provides a competitive advantage. Its history of dominating key mar- kets and leveraging its power makes antitrust advocates worry about its potential in telehealth. Stacy Mitchell, antitrust advocate co-director of the Institute for Local Self-Reliance, is concerned about Amazon's moves. She told Politico that if Amazon begins successfully doing business in healthcare and telehealth, dominating the mar- ket, they could potentially disadvantage those who rely on their business, thus violating antitrust laws. Amazon is also losing a lot of money through its healthcare ventures, but given its behemoth power in e-commerce and cloud computing, it can afford to, said Ms. Mitchell. An Amazon spokesperson didn't comment on the antitrust advocate concerns, but did cite their commitment to keep- ing patient data private, saying; "any protected health infor- mation you share with Teladoc will be handled pursuant to HIPAA and Teladoc's Notice of Privacy Practices." n