On November 13, 2025, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), the Department of Defense Cyber Crime Center (DC3), the Department of Health and Human Services (HHS), and multiple international partners released an important update to the ongoing #StopRansomware advisory on Akira ransomware. This update includes new indicators of compromise (IOCs), updated attack methods, and recent activity from threat actors. The information is intended to help organizations better detect, prevent, and respond to this evolving ransomware threat.
Akira ransomware actors continue to primarily target small and medium-sized businesses but have also affected larger organizations, including those in healthcare and public health, education, financial services, food and agriculture, information technology, and manufacturing. Investigators note associations between Akira and groups identified as Storm-1567, Howling Scorpius, Punk Spider, and Gold Sahara, with potential ties to the now-defunct Conti ransomware operation.
The updated advisory highlights several important developments. In mid-2025, Akira attackers expanded the types of systems they can encrypt, allowing them to impact a wider range of technology environments than before. Federal agencies also estimate that Akira has brought in more than $244 million from ransomware attacks as of late September 2025, showing the group’s continued activity and success. In addition, Akira continues to use multiple versions of its ransomware tools, which gives the group flexibility in how it carries out attacks and makes detection more challenging.
Federal officials emphasized the seriousness of the threat and the need for immediate defensive action. CISA noted that during the recent government shutdown and the temporary lapse in the Cybersecurity Information Sharing Act of 2015, it remained committed to providing actionable information to critical infrastructure operators. The FBI reiterated the human impact behind these attacks, stressing that ransomware disrupts hospitals, schools, and businesses and urging organizations to quickly report intrusions to local FBI field offices.
CISA, the FBI, and partner agencies outlined several actions organizations should take now to reduce the likelihood and impact of Akira-related incidents. Recommended steps include:
- Prioritizing remediation of known exploited vulnerabilities.
- Enforcing phishing-resistant multifactor authentication.
- Maintaining regular offline backups of critical data and routinely testing data restoration processes.
You can access the press release here.
Compliance Perspective
Issue
Ransomware is an ongoing threat to healthcare organizations, with attackers targeting patient data, critical systems, and operational infrastructure. Social engineering tactics, such as phishing emails, combined with unpatched vulnerabilities, can give attackers initial access and lead to data breaches, service disruption, or financial loss. The healthcare sector is particularly vulnerable due to the sensitive nature of patient records and the critical need for uninterrupted care. Proactively addressing cybersecurity risks through comprehensive policies, staff education, and regular auditing is essential to protect both patients and organizational operations.
Discussion Points
- Review policies and procedures related to cybersecurity, data integrity, and incident response. Ensure these policies address protection against phishing, ransomware, and other malicious software. Working with a consultant can provide practical recommendations for strengthening policies, including tailored strategies for risk mitigation and preparedness for potential attacks.
- Provide ongoing staff education and training on cybersecurity best practices, including recognizing phishing attempts, safe handling of protected health information (PHI), and proper reporting procedures. Med-Net Academy offers the course Understanding and Preventing Ransomware, APTs, and Zero Day Exploit Attacks, which explains how ransomware operates, the potential consequences of an attack, and why APTs and zero-day exploits pose serious risks in healthcare. The course also provides real-world case studies and outlines practical steps staff can take to protect systems and avoid infection.
- Periodically audit systems and staff practices to verify adherence to cybersecurity policies and identify vulnerabilities. Utilizing external expertise through mock surveys or targeted assessments can help highlight areas of weakness, ensure compliance with regulatory requirements, and guide development of effective corrective actions before an actual security incident occurs.
*This news alert has been prepared by Med-Net Concepts, Inc. for informational purposes only and is not intended to provide legal advice.*