
The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

North Korean Hacker Indicted for Ransomware Attacks on U.S. Hospitals and Healthcare Orgs

A North Korean government hacker has been indicted for his involvement in Maui ransomware attacks on U.S. hospitals and healthcare organizations. The U.S. State Department is offering a reward of up to $10 million for information that leads to his capture.

Rim Jong Hyok is a member of Andariel (APT45), a North Korean hacking group that has been in operation since at least 2009. The hacking group conducts activities as part of North Korea’s cyber defensive operations, primarily targeting military and government personnel. The group’s primary aims are espionage and data theft, especially the theft of sensitive defense and technology data. The hacking group also conducts financially motivated ransomware attacks to obtain funds to support its cyber campaigns, including ransomware attacks on U.S. hospitals and healthcare providers.

Hyok was indicted by a grand jury in the U.S. District Court, District of Kansas on Wednesday and has been charged with one count of conspiracy to knowingly cause the transmission of a program, information, code, and command to intentionally cause damage to a protected computer with the intent of extorting money and one count of conspiracy to commit money laundering. Hyok has also been added to the Federal Bureau of Investigation (FBI) Most Wanted list.

The charges relate to Hyok’s involvement in Andariel’s hacking activities between May 2021 and April 2023 on critical infrastructure entities, including hospitals and other healthcare organizations. The Andariel hacking group has conducted ransomware attacks on five healthcare providers, four U.S.-based defense contractors, two U.S. Air Force bases, and the National Aeronautics and Space Administration’s Office of Inspector General. Hyok and other Andariel hackers gained unauthorized access to those networks, installed Maui ransomware, and attempted to extort ransoms. The ransom payments were then used to fund further malicious cyber operations targeting U.S. government entities and U.S. and foreign defense contractors.

In the attacks on healthcare providers, computers and servers used for medical testing and electronic medical records were encrypted. The encryption caused major disruption to healthcare services, including at an unnamed Kansas hospital in 2021. In that attack, the hospital paid a ransom of $100,000 to recover the stolen data. In a briefing on Thursday, officials from the FBI and Department of Justice confirmed that those funds have since been recovered and will be returned. In an attack on a U.S. defense contractor, more than 30GB of data was stolen, including unclassified information on military aircraft and satellites.

“Rim Jong Hyok and his co-conspirators deployed ransomware to extort U.S. hospitals and health care companies, then laundered the proceeds to help fund North Korea’s illicit activities,” said FBI Deputy Director Paul Abbate. “These unacceptable and unlawful actions placed innocent lives at risk. The FBI and our partners will leverage every tool available to neutralize criminal actors and protect American citizens.”

“Today’s criminal charges against one of those alleged North Korean operatives demonstrates that we will be relentless against malicious cyber actors targeting our critical infrastructure. This latest action, in collaboration with our partners in the U.S. and overseas, makes clear that we will continue to deploy all the tools at our disposal to disrupt ransomware attacks, hold those responsible to account, and place victims first,” said Deputy Attorney General Lisa Monaco.

The FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and other partners in the US, UK, and South Korea issued a joint cybersecurity advisory about the hacking group on July 25, 2024, and warned that the group poses a significant and ongoing threat to a wide range of sectors worldwide. Critical infrastructure entities have been advised to implement the mitigations detailed in the alert.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com
