Ransomware is a major threat to every industry. In recent years, hackers have increasingly targeted companies with ransomware, locking their data unless a ransom is paid. In some cases, they also threaten to leak the stolen data online if the company refuses to comply, as seen in the UnitedHealth breach, where hackers reportedly demanded $22 million. 

However, ransomware attacks are not limited to companies. 

According to the latest FBI warning, they also target employees, particularly corporate executives. 

The agency cautions that cybercriminals are sending extortion letters, threatening to release victims’ sensitive information unless a ransom is paid.

STAY PROTECTED AND INFORMED! GET SECURITY ALERTS & EXPERT TECH TIPS – SIGN UP FOR KURT’S ‘THE CYBERGUY REPORT’ NOW

What you need to know

The FBI is warning businesses, particularly those in the healthcare sector, about a scam involving physical ransom letters sent via the U.S. Postal Service. These letters, falsely claiming to be from the ransomware group BianLian, demand Bitcoin payments ranging from $150,000 to $500,000 in exchange for not leaking supposedly stolen data.

Marked with “TIME SENSITIVE READ IMMEDIATELY,” the letters allege that the attackers gained access through social engineering and exfiltrated sensitive files. However, no proof is provided, and investigations have found no signs of actual ransomware intrusions in affected organizations. The letters appear to be templated, with only minor variations, and include a QR code linked to a Bitcoin wallet. Some also feature a compromised password, likely to make the threat seem more credible.

WHAT IS ARTIFICIAL INTELLIGENCE (AI)?

Sent from Boston with U.S. flag stamps, these letters differ significantly in tone and wording from known BianLian communications. Authorities believe this is a fear-based scam designed to trick organizations into paying a ransom for a breach that never happened.

DATA REMOVAL DOES WHAT VPNS DON’T: HERE’S WHY YOU LIKELY NEED BOTH

Healthcare industry needs to work on cybersecurity

Ransomware is hitting healthcare harder than ever. It is now the third-most targeted industry after finance and manufacturing, with attacks rising more than 32% from 2023 to 2024. These attacks do not just put data at risk. They also disrupt hospitals, slow down care and create chaos for doctors and patients.

The Ascension cyberattack in May 2024 is a clear example. Hackers locked medical staff out of critical systems, shut down phone lines and blocked tools needed for tests, procedures and medications. At first, the breach was reported with an estimated 500 affected individuals, but by December, that number had jumped to nearly 5.6 million.

UnitedHealth’s Change Healthcare unit experienced a massive data breach in February 2024 that further highlighted the vulnerability of the sector. Initially reported to have affected around 100 million people, the number later grew to 190 million, making it the largest medical data breach in U.S. history. 

This breach affected nearly half of the country’s population. UnitedHealth attributed the attack to ALPHV/BlackCat, a Russian-speaking ransomware group that later claimed responsibility for the attack before being dismantled by law enforcement.

HUGE HEALTHCARE DATA BREACH EXPOSES OVER 1 MILLION AMERICANS’ SENSITIVE INFORMATION

7 ways to avoid ransomware attacks (and fake ransomware scams)

1. Install strong antivirus software and regularly update software: The first line of defense against ransomware is ensuring that your systems are equipped with the latest security tools. Keep all software and devices up to date to avoid vulnerabilities that hackers can exploit. Install firewalls, strong antivirus software and intrusion detection systems to block malicious activities before they can cause harm. Regularly patch operating systems and applications to stay ahead of cybercriminals. The best way to safeguard yourself from malicious links that install malware, potentially accessing your private information, is to have strong antivirus software installed on all your devices. This protection can also alert you to phishing emails and ransomware scams, keeping your personal information and digital assets safe. Get my picks for the best 2025 antivirus protection winners for your Windows, Mac, Android and iOS devices.

2. Implement strong password policies and use a password manager: Ensure all passwords are unique, at least 15 characters long and include a mix of uppercase and lowercase letters, numbers and symbols. Also, consider using a password manager to generate and store complex passwords securely. This reduces the risk of password reuse and weak passwords, which are common entry points for ransomware attacks. Get more details about my best expert-reviewed password managers of 2025 here.

3. Educate and train employees on cybersecurity awareness: Many ransomware attacks start with phishing emails or social engineering tactics. As seen in the scam targeting executives, attackers often use fear-based tactics to manipulate victims into acting quickly. Train your employees, particularly high-level executives, to recognize suspicious emails, fraudulent requests and phishing attempts.

4. Backup data and maintain a secure recovery plan: Data backups are a critical safeguard against ransomware. Regularly back up critical data to secure, offline locations that ransomware cannot access. Testing your recovery plans frequently ensures that if an attack does occur, you can recover quickly with minimal impact on operations. In addition, consider using a cloud service with encryption to ensure that even if an attack happens, the backup remains safe.

5. Utilize two-factor authentication (2FA): Two-factor authentication is an essential security measure that adds an extra layer of protection to sensitive systems and data. With 2FA, even if attackers manage to obtain login credentials, they won’t be able to access critical systems without the second factor of authentication, whether it’s a code sent to a phone or biometric verification.

6. Verify threats before taking action: If you receive a ransom demand (digital or physical), investigate its legitimacy. Scams often lack proof of data breaches or network compromise. Consult cybersecurity experts or law enforcement before responding.

7. Report suspicious activity: Notify law enforcement or organizations like the FBI’s Internet Crime Complaint Center if you encounter scams or ransomware threats. Reporting helps authorities track and mitigate these activities.

FBI WARNS OF DANGEROUS NEW ‘SMISHING’ SCAM TARGETING YOUR PHONE 

Kurt’s key takeaway

Healthcare is seriously lagging when it comes to cybersecurity. It’s crazy that so many health institutions don’t have a CISO or a dedicated security team. Instead, the IT department, which isn’t always trained in cybersecurity, gets stuck trying to handle it all. With so much sensitive data at risk, it’s shocking that so many healthcare organizations still treat cybersecurity as an afterthought.

Cyberattacks are only going to get worse, and unless the industry steps up its game, it’s just a matter of time before more hospitals, clinics and health systems get hit. It’s time to take security seriously.

Do you think these companies are doing enough to protect your data, and is the government doing enough to catch those behind cyberattacks? Let us know by writing us at Cyberguy.com/Contact.

For more of my tech tips and security alerts, subscribe to my free CyberGuy Report Newsletter by heading to Cyberguy.com/Newsletter.

Ask Kurt a question or let us know what stories you’d like us to cover.

Follow Kurt on his social channels:

Answers to the most-asked CyberGuy questions:

New from Kurt:

Copyright 2025 CyberGuy.com. All rights reserved.