The Department of Health and Human Services (HHS) issued a report detailing how the Hive ransomware group has been aggressively targeting the United States health sector, and made recommendations for organizations to be aware of their operations and apply appropriate cybersecurity principles.

The group has been known to be operational since June 2021 but in that time has been very aggressive in targeting the U.S. health sector, the federal agency said.

The financially motivated ransomware group is known to maintain sophisticated capabilities and, like many other cybercriminals, encrypts and steals data from its victims. The Hive group uses many common ransomware tactics, including the exploit of remote desktop protocol or virtual private networks (VPNs), and phishing attacks. Some victims have received phone calls from the ransomware group to pressure them to pay and conduct negotiations, according to HHS.

Like many ransomware variants, Hive searches victims’ systems to delete backup data, which organizations often rely on to avoid paying a ransom. The group then terminates or disrupts them. This includes deleting shadow copies, backup files and system snapshots.

Read the Fierce Healthcare.