The following is not a paragraph from a story about fictional cybercriminals called Evil Corp. The following paragraph is from a white paper released this week by the U.S. Department of Health & Human Services because there is a criminal enterprise known as Evil Corp that poses a serious threat to the healthcare sector. Typographical errors in the original have been corrected:
Evil Corp should be considered a significant threat to the U.S. health sector based on several factors. Ransomware is one of their primary modi operandi, as they have developed and maintained many strains. Many ransomware operators have found the health sector to be an enticing target as, due to the nature of their operations, they are likely to pay some form of ransom to restore operations. Healthcare organizations are particularly susceptible to data theft as personal health information (PHI) is often sold on the dark web to those looking to leverage it for fraudulent purposes. Foreign governments often find it to be more cost effective to steal research and intellectual property via data exfiltration cyberattacks rather than invest time and money into conducting research themselves. This includes intellectual property related to the health sector. It is entirely plausible that Evil Corp could be tasked with acquiring intellectual property from the U.S. health sector using such means at the behest of the Russian government.
Download the Evil Corp Threat Profile at HHS.