Ransomware Surge Imperils Hospitals As Pandemic Intensifies

Hackers are stepping up attacks on health care systems with ransomware in the United States and other countries, creating new risks for medical care as the global coronavirus pandemic accelerates.

Alerts from US authorities and security researchers highlight a wave of cyberattacks on hospitals coping with rising virus infections.

An unusual warning this week from the FBI, together with the Departments of Homeland Security and Health and Human Services, underscored the threat.

The three agencies “have credible information of an increased and imminent cybercrime threat to US hospitals and health care providers,” said the alert issued Wednesday, calling on health systems to “take timely and reasonable precautions to protect their networks from these threats.”

Media reports have cited several US hospitals hit by ransomware.

Hospitals and other health facilities are increasingly being targeted by ransomware even as they try to ramp up for the acceleration in the pandemic. Photo: AFP / DAMIEN MEYER

One of them, the University of Vermont Medical Center, said in a statement Thursday it was working with law enforcement on “a now confirmed cyberattack that has affected some of our systems” which has had “variable impacts” on patient care.

Daniel dos Santos of the computer security firm Forescout said cash-strapped medical centers are particularly attractive targets for hackers and that at least 400 hospitals had been hit in the past few weeks in the US and Britain.

Hackers are aware that “health care is the most likely to pay the ransom because their services are critical,” dos Santos said.

“Stopping services means that people will literally be dying.”

For hospitals unable or unwilling to pay, “it would mean going back to pen and paper, which can cause huge slowdowns,” he added.

Forescout said in a report that while many hospitals have upgraded computer systems, most use a variety of connected devices such as patient monitors or CT scanners which “act as the weak links in the network” because they transmit data over insecure channels.

Connected devices in hospitals can become weak points for hackers looking to launch ransomware attacks, according to security experts. Photo: POOL / Steve Parsons

In one sign of the troubles looming, dos Santos and fellow researchers said they discovered data on some three million US patients online, “unprotected and accessible to anyone who knows how to search for it,” the Forescout report said.

Ransomware is a longstanding security issue and health care has been a frequent target. A September attack disrupted Universal Health Services, which operates hospitals in the US and Britain.

But security experts say the attacks are accelerating as the pandemic worsens.

Researchers at the security firm Check Point said its survey showed health care has been the most targeted industry by ransomware, with a 71 percent jump in attacks on US providers in October from a month earlier.

Check Point said there have been significant rises in ransomware attacks on hospitals in Asia, Europe and the Middle East as well. Globally, the firm said ransomware attacks were up 50 percent

More hospitals hit by ransomware as feds warn about cyberattacks

A recent wave of ransomware attacks has infected more hospitals than previously known, including a University of Vermont network with locations in New York and Vermont.

The University of Vermont Health Network is analyzing what appears to be a ransomware attack from the same cybercrime gang that has infected at least three other hospitals in recent weeks, according to two sources familiar with the investigation who weren’t authorized to comment about it before it is complete.

Several federal agencies warned Wednesday of “an increased and imminent cybercrime threat” to the country’s health care providers, particularly from a gang that uses a strain of ransomware called Ryuk. The U.S. has repeatedly hit record highs for daily confirmed coronavirus infections.

The FBI and the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, sent an updated alert Thursday night with new technical information, adding that they have “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

As many as 20 medical facilities have been hit by the recent wave of ransomware, said a person with knowledge of the matter, who spoke on the condition of anonymity because they weren’t authorized to speak publicly. The figure includes multiple facilities within the same hospital chain.

Three other hospital chains have recently confirmed cyberattacks, believed to be ransomware, by the same gang: the Sky Lakes Medical Center, with 21 locations in Oregon; Dickinson County Healthcare System in Michigan and Wisconsin; and the St. Lawrence Health System in northern New York. It was not clear how much of their systems or how many locations had been hit by the ransomware.

Tom Hottman, a spokesperson for Sky Lakes Medical Center, confirmed that the company had been infected with Ryuk and said its computers were inaccessible, halting radiation treatments for cancer patients.

“We’re still able to meet the care needs for most patients using work-around procedures, i.e. paper rather than computerized records. It’s slower but seems to work,” he said in an email.

Joe Rizzo, a spokesperson for Dickinson, said in an email that their hospitals and clinics are using paper copies for some services because computer systems are down.

Rich Azzopardi, senior adviser to New York Gov. Andrew Cuomo, said the state’s Division of Homeland Security and Emergency Services and other groups had been in communication about the St. Lawrence attack.

Details about a major wave of ransomware attacks on U.S. hospitals began to emerge at the end of September when computer systems for Universal Health Services, one of the biggest hospital chains in the country, were hit, forcing some doctors and nurses to use pen and paper to file patient information. Jane Crawford, the chain’s director of public relations, said in an email at the beginning of October that no one had died because of the attack.

Ransomware attacks often gain access to secure systems and then encrypt files. The people behind the attacks then demand money to decrypt the files.

Ryuk is transmitted through

FBI warns ransomware assault threatens US health care system

BOSTON (AP) — Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking.

In a joint alert Wednesday, the FBI and two federal agencies said they had credible information of “an increased and imminent cybercrime threat” to U.S. hospitals and health care providers. The alert said malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.”

The impact of the expected attack wave is difficult to assess.


It involves a particular strain of ransomware, which scrambles a target’s data into gibberish until they pay up. Previous such attacks on health care facilities have impeded care and, in one case in Germany, led to the death of a patient, but such consequences are still rare.

The federal warning itself could help stave off the worst consequences, either by leading hospitals to take additional precautions or by expanding efforts to knock down the systems cybercriminals use to launch such attacks.

The offensive coincides with the U.S. presidential election, although there is no immediate indication the cybercriminals involved are motivated by anything but profit. The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.

Independent security experts say the ransomware, called Ryuk, has already impacted at least five U.S. hospitals this week and could potentially affect hundreds more. Four health care institutions have been reported hit by ransomware so far this week, three belonging to the St. Lawrence Health System in upstate New York and the Sky Lakes Medical Center in Klamath Falls, Oregon.

Sky Lakes acknowledged the ransomware attack in an online statement, saying it had no evidence that patient information was compromised. It said emergency and urgent care “remain available.”

The St. Lawrence system also acknowledged a Tuesday ransomware attack, noting in a statement released Thursday that no patient or employee data appeared to have been accessed or compromised. Matthew Denner, the emergency services director for St. Lawrence County, told the Adirondack Daily Enterprise that the hospital owner instructed the county to divert ambulances from two of the affected hospitals for a few hours Tuesday. The company did not return requests for comment on that report.

Alex Holden, CEO of Hold Security, which has been closely tracking Ryuk for more than a year, said the attack could be unprecedented in magnitude for the U.S. In a statement, Charles Carmakal, chief technical officer of the security firm Mandiant, said the cyberthreat could be the “most significant” the country has ever seen.

The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools walloped especially hard.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil

FBI warns of “imminent” ransomware attacks on hospital systems

Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.

In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”

The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week and could impact hundreds more.

The offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, although there is no immediate indication they were motivated by anything but profit.

“We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.

Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. given its timing in the heat of a contentious presidential election and the worst global pandemic in a century.

The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.

Agence France-Presse notes that the agencies urged U.S. healthcare providers to take “timely and reasonable precautions” such as patching their operating systems, software and firmware as soon as possible and running antivirus and anti-malware scans regularly.

The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier this month. U.S. Cyber Command has also reportedly taken action against Trickbot.

While Microsoft has had considerable success knocking its command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.

Recent attacks

The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.

Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have

FBI: U.S. Hospitals Targeted in Ransomware Attacks

(BOSTON) — Federal agencies warned that cybercriminals are unleashing a major ransomware assault against the U.S. healthcare system. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.

In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” They said “malicious cyber actors” are targeting the sector with ransomware that could lead to “data theft and disruption of healthcare services.”

The aggressive offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, though there was no immediate indication it was motivated by anything but profit.

“We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement. He’s concerned that the group may deploy malware to hundreds of hospitals over the next few weeks.

Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. Administrative problems caused by ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up, could further stress hospitals burdened by a nationwide spike in COVID-19 cases.

The cybercriminals suspected of the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. While the company has had considerable success knocking Trickbot command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.

The U.S. has seen a plague of ransomware over the past 18 months or so.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care. Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have beaten back infections. The FBI did not immediately respond to a request for comment.

He said the group was demanding exorbitant ransoms well above $10 million per target and that criminals involved on the dark web were discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.

“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more and they know it.” U.S. officials have repeatedly expressed concern about major

Building wave of ransomware attacks strikes U.S. hospitals

By Christopher Bing and Joseph Menn

WASHINGTON/SAN FRANCISCO (Reuters) – Eastern European criminals are targeting dozens of U.S. hospitals with ransomware, and federal officials on Wednesday urged healthcare facilities to beef up preparations rapidly in case they are next.

The FBI is investigating the recent attacks, which include incidents in Oregon, California and New York made public just this week, according to three cybersecurity consultants familiar with the matter.

A doctor at one hospital told Reuters that the facility was functioning on paper after an attack and unable to transfer patients because the nearest alternative was an hour away. The doctor declined to be named because staff were not authorized to speak with reporters.

“We can still watch vitals and getting imaging done, but all results are being communicated via paper only,” the doctor said. Staff could see historic records but not update those files.

Experts said the likely group behind the attacks was known as Wizard Spider or UNC 1878. They warned that such attacks can disrupt hospital operations and lead to loss of life.

The attacks prompted a teleconference call on Wednesday led by FBI and Homeland Security officials for hospital administrators and cybersecurity experts.

A participant told Reuters that government officials warned hospitals to make sure their backup systems were in order, disconnect systems from the internet where possible, and avoid using personal email accounts.

The FBI did not immediately respond to a request for comment.

“This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country,” said Allan Liska, a threat intelligence analyst with U.S. cybersecurity firm Recorded Future.

“While multiple ransomware attacks against healthcare providers each week have been commonplace, this is the first time we have seen six hospitals targeted in the same day by the same ransomware actor.”

In the past, ransomware infections at hospitals have downed patient record-keeping databases, which critically store up-to-date medical information, affecting hospitals’ ability to provide healthcare.

Ransomware attacks have jumped 50% over the past three months, security firm Check Point said Wednesday, with the proportion of polled healthcare organizations impacted jumping to 4% in the third quarter from 2.3% in the previous quarter.

Two of the three consultants familiar with the attacks said the cyber criminals were commonly using a type of ransomware known as “Ryuk,” which locks up a victim’s computer until a payment is received.

The teleconference call participant said government officials disclosed that the attackers used Ryuk and another trojan, known as Trickbot, against the hospitals.

“UNC1878 is one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career,” said Charles Carmakal, senior vice president for U.S. cyber incident response firm Mandiant.

“Multiple hospitals have already been significantly impacted by Ryuk ransomware and their networks have been taken offline.”

Experts say the deployment of Trickbot is significant after efforts by Microsoft to disrupt the hacking network earlier this month.

That initiative was designed to handicap the cyber criminals, but they seem

FBI warns ransomware assault threatens US healthcare system

BOSTON (AP) — Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.

In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”

The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.

The offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, although there is no immediate indication they were motivated by anything but profit. “We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.

Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. given its timing in the heat of a contentious presidential election and the worst global pandemic in a century.

The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.


The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. U.S. Cyber Command has also reportedly taken action against Trickbot. While Microsoft has had considerable success knocking its command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.

The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.

Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have beaten back infections. The FBI did not immediately respond to a request for comment.

He said the group was demanding ransoms well above $10 million per target and that criminals involved on the

Multiple U.S. Hospitals Have Reportedly Been Targeted in Ransomware Attack

Federal agencies released an advisory Wednesday, warning the health sector about a “credible” cyber crime threat to U.S. hospitals.

The joint warning was issued by the FBI, the Department of Health and Human Services, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. It urged hospitals and health providers to increase security measures, as experts have received information about cyber criminals who were using Ryuk ransomware, which encrypts a victim’s files and denies them access to their service or data until the ransom is paid. The attacks could also lead to data theft as well as the disruption of healthcare services, which is especially concerning as hospitals across the country deal with another surge in COVID-19 cases.

According to the Associated Press, Milwaukee-based cyber intelligence firm Hold Security has been monitoring the ransomware operation for more than a year. The firm’s CEO/founder Alex Holden said the group of hackers claims to have ransomed more than 30 U.S. health facilities and plans to attack over 400 more.

The AP reports Holden had notified federal agents about recent infection attempts last Friday. Though it’s unclear how many hospitals were targeted, Holden said some “may have beaten back infections.” One of the affected facilities was Sky Lakes Medical Center in Oregon. The hospital released a Facebook statement on Tuesday confirming its computer system had been compromised.

“Earlier today, Sky Lakes Medical Center was the victim of a ransomware attack … right now we have no evidence that patient information has been compromised,” the post read. “However, communications with the medical center will be a little complicated until we can get our systems operating again. Our entire Sky Lakes team is working to counter this attack, and we will keep you updated on the ongoing details of our efforts to return business back to normal. Emergency and Urgent care remain available. Many scheduled procedures will go on as scheduled.”

The advisory comes about a month after Universal Health Services announced a ransomware attack had affected 250 of its U.S. hospitals and clinics. Doctors and nurses at the facilities were reportedly forced to slow lab work and rely on manual record-keeping.

“We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety,” John Riggi, senior cybersecurity adviser to the American Hospital Association, said at the time. “We believe any cyberattack against any hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government.”
