Healthcare entities should be on high alert for signs of the BlackCat and Royal ransomware-as-a-service groups, warns the U.S. government, which characterizes the groups as “relatively new but highly capable” threats.

The Department of Health and Human Services’ Health Sector Cybersecurity Coordination Center in a Thursday threat brief warns that BlackCat conducts triple extortion, meaning it doesn’t just maliciously encrypt data and demand an extortion payment, but also threatens to leak the data and conduct distributed denial-of-service attacks against victims if they don’t pay up. Royal hews to the now more traditional double-extortion method of demanding a ransomware payment backed with the threat of a data breach.