HHS Warns of New Ransomware Group Targeting Healthcare Facilities

Royal has been targeting healthcare networks.

By Mackenna Moralez
December 13, 2022

The U.S. Department of Health and Human Services has issued a warning to hospitals and other healthcare facilities regarding Royal, the latest ransomware group to attack facilities

Royal has become an increasing threat to the healthcare sector. Royal-based attacks have steadily grown over the last three months, according to the notice. Ransom demands have ranged between $250,000 to over $2 million. 

The group first emerged in September and appears to not have any other affiliates. Royal appears to be financially motivated and has exfiltrated sensitive data, leaving healthcare facilities to be seen as vulnerable. The group uses Cobalt Strike tactics to harvest credentials from healthcare networks, according to the notice. The U.S. Department of Health & Human Services warns that the ransomware tactic is spreading and urges facilities to remain vigilant. 

With the increase of cybersecurity attacks against healthcare facilities, the FBI has recommended the following protocols to help lower the risk of a breach:  

  • Have a contingency plan in place.  
  • Keep all operating systems up to date.  
  • Implement a user training program and phishing exercises.  
  • Require strong, unique passwords for all accounts with password logins.  
  • Require multi-factor authentication.  
  • Maintain offline —  i.e., physically disconnected — backups of data, and regularly test backup and restoration.  
  • Ensure all backup data is encrypted.  
  • Protect cloud storage by backing up to multiple locations, requiring MFA for access, and encrypting data in the cloud. 

Mackenna Moralez is the associate editor for the facilities market. 

See the latest posts on our homepage Share

Topic Area: Information Technology , Security

Recent Posts
Recent Posts

California Funds Security for Reproductive Health Facilities

Grants will fund physical and digital security enhancements at healthcare facilities and practitioner offices that might be the target of violence and vandalism.


Methodist Hospital Emergency Department Doubles in Size

The three-year project saw the renovation and expansion of the Methodist Hospital Emergency Department completed.


UCLA Health Alerts Patients of Compromised Data

An analytics tool may have captured and transmitted health data to the third-party service providers.


Healthcare Facilities Embrace Modular Construction

Healthcare facilities have leaned on modular construction for quick builds with less waste.


UPMC Western Behavioral Health Opens New Facility to Increase Community Access

The new facility will expand UPMC’s behavioral health services.



News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

You Might Like