According to federal authorities, Chinese and North Korean cybercriminal groups continue to be significant threats to the U.S. healthcare and public health sector. They engage in data exfiltration attacks involving espionage and intellectual property theft.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center has identified APT41, APT43, Lazarus Group, and Thallium as the top threat actors. These groups are state-sponsored and pose unique cyber threats stemming from China and North Korea.

Chinese and North Korean cyber gangs are financially motivated and possess the sophistication of other cybercriminal gangs. What makes them particularly concerning is their access to the resources and support of their respective states.

Industry experts, such as Errol Weiss, Chief Security Officer at the Health Information Sharing and Analysis Center, agree with the assessment. APT41, APT43, and Lazarus Group are recognized as major cyber threats to the healthcare sector.

HHS states that China is the most powerful cyber power in Asia, with cybercrime groups often focusing on data exfiltration for economic development. Attacks in the healthcare sector target areas such as clinical medicine, genetics, biotechnology, neuroscience, and research and development.

APT41, a Chinese state-sponsored group, demonstrates high levels of sophistication and innovation in targeting the U.S. health sector to support China’s own research and development efforts. Its tactics include supply chain compromises, compromised digital certificates, and bootkit operations.

North Korean state-sponsored groups APT43 and Lazarus Group also pose significant threats to the healthcare sector. APT43 demonstrates moderate sophistication in social engineering, spear-phishing, and other techniques. Lazarus Group has been active for over a decade and focuses on espionage, intellectual property theft, financial fraud, and geopolitical objectives.

HHS HC3 provides several recommendations for improving defense against these threats, including reviewing and securing various components of the network, regularly backing up data, implementing network segmentation, and maintaining multiple copies of sensitive data in separate locations.

It is also important to be vigilant of disinformation campaigns, particularly those originating from Russia and China, as they can negatively impact the provision of safe and effective healthcare when false information is accepted as fact.
