Curated, manually-vetted threat intelligence focused exclusively on ransomware groups, malware, and incidents targeting healthcare organizations. Updated by Code Blue Security as new intelligence is confirmed.
Known ransomware groups currently or recently targeting healthcare — TTPs, targeting patterns, and operational status.
aka Akira
Uses exploitation of exposed services, lateral movement, data exfiltration, and ransomware encryption with double-extortion.
Patch exposed services Enable MFA Restrict remote access Monitor logs Segment networks Maintain offline backups
aka Medusa started as RaaS in 2021
Uses exploitation of exposed services, credential dumping, lateral movement, data exfiltration, and ransomware encryption.
Patch exposed systems Enable MFA Restrict remote access Monitor logs Use network segmentation Maintain backups
Patch internet-facing systems Enable MFA Monitor logs for unusual activity Segment networks Maintain offline backups
Phishing for initial access, credential dumping, lateral movement, data exfiltration, ransomware encryption.
Known vulnerabilities, CVEs, and vendor advisories affecting healthcare systems — medical devices, EHRs, and clinical infrastructure. Includes patch status and recommended mitigations.
GE HealthCare — GE HealthCare Ultrasound Devices (multiple models)
This vulnerability affects GE HealthCare ultrasound systems used in clinical environments. An attacker with local access could escalate privileges, potentially allowing access to sensitive patient data or disruption of imaging device operation. Healthcare organizations should review vendor guidance and ensure affected devices are patched.
Apply vendor security updates as soon as possible Restrict local access to medical devices Place imaging systems on segmented networks Monitor device logs for unusual activity Follow GE HealthCare security advisory guidance
Book a free 30-minute consultation. No pitch — just clarity on where you stand.