Daixin ransomware poses critical threat to healthcare, says AHA cyber chief

The American Hospital Association’s senior advisor for cybersecurity said the Daixin ransomware poses a significant risk to the healthcare sector. (U.S. Air Force)

Reports consistently note the rising risk to patient safety after a ransomware attack. But the most pressing variant facing healthcare is Daixin, a technologically advanced, stealthy, and long-lasting malware attributed to China, according to the American Hospital Association’s Senior Advisor for Cybersecurity and Risk John Riggi.

Riggi spoke to sector leaders during a University of California San Francisco Stanford Center of Excellence in Regulatory Science and Innovation discussion on Tuesday, outlining the risk areas providers should be working to address into the foreseeable future.

He also had a stern warning for provider organizations still dragging their feet on implementing multi-factor authentication across the enterprise, particularly as threat actors continue to target critical infrastructure and supply chain partners in force.

“If we’re not doing MFA at this point, it would be hard to defend both civilly and regulatory the actions against you as it is a very, very basic technique at this point,” said Riggi. “The White House has implored us to implement basic cybersecurity procedures, which alone at a very low cost could prevent a significant portion of ransomware attacks.”

MFA should be at the top of the list for securing all remote access points into the organization, as the threat of ransomware and other cyberattacks continues to plague the sector and cyber insurance becomes less and less of a guarantee, he added.

Versions of Daixin have been used in attacks in various forms over the last decade, with researchers observing a resurgence of a refined variant in February 2022. Symantec described the threat as “the most advanced piece of malware” it had ever seen from China-backed attackers. Daixin is used both in “smash-and-grab operations” and for stealthy operations.

The most prevalent goal of these attacks appears to be espionage: the malware hijacks a legitimate TCP/IP service and listens on port 80 for traffic patterns it can interpret as commands.

In healthcare, Daixin has claimed multiple victims that…