FBI: U.S. Hospitals Targeted in Ransomware Attacks

(BOSTON) — Federal agencies warned that cybercriminals are unleashing a major ransomware assault against the U.S. healthcare system. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.

In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” They said “malicious cyber actors” are targeting the sector with ransomware that could lead to “data theft and disruption of healthcare services.”

The aggressive offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, though there was no immediate indication it was motivated by anything but profit.

“We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement. He’s concerned that the group may deploy malware to hundreds of hospitals over the next few weeks.

Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. Administrative problems caused by ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up, could further stress hospitals burdened by a nationwide spike in COVID-19 cases.

The cybercriminals suspected of the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. While the company has had considerable success knocking Trickbot command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.

The U.S. has seen a plague of ransomware over the past 18 months or so.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care. Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have beaten back infections. The FBI did not immediately respond to a request for comment.

He said the group was demanding exorbitant ransoms well above $10 million per target and that criminals involved on the dark web were discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.

“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more and they know it.” U.S. officials have repeatedly expressed concern about major

Read more

Multiple U.S. Hospitals Have Reportedly Been Targeted in Ransomware Attack

Federal agencies released an advisory Wednesday, warning the health sector about a “credible” cyber crime threat to U.S. hospitals.

The joint warning was issued by the FBI, the Department of Health and Human Services, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. It urged hospitals and health-provides to increase security measures, as experts have received information about cyber criminals who were using Ryuk ransomware, which encrypts a victim’s files and denies them access to their service or data until the ransom is paid. The attacks could also lead to data theft as well as the disruption of healthcare services, which is especially concerning as hospitals across the country deal with another surge in COVID-19 cases.

According to the Associated Press, Milwaukee-based cyber intelligence firm Hold Security has been monitoring the ransomware operation for more than a year. The firm’s CEO/founder Alex Holden said the group of hackers claims to have ransomed more than 30 U.S. health facilities and plans to attack over 400 more.

The AP reports Holden had notified federal agents about recent infection attempts last Friday. Though it’s unclear how many hospitals were targeted, Holden said some “may have beaten back infections.” One of the affected facilities was Sky Lakes Medical Center in Oregon. The hospital released a Facebook statement on Tuesday confirming its computer system had been compromised.

“Earlier today, Sky Lakes Medical Center was the victim of a ransomware attack … right now we have no evidence that patient information has been compromised,” the post read. “However, communications with the medical center will be a little complicated until we can get our systems operating again. Our entire Sky Lakes team is working to counter this attack, and we will keep you updated on the ongoing details of our efforts to return business back to normal. Emergency and Urgent care remain available. Many scheduled procedures will go on as scheduled.”

The advisory comes about a month after Universal Health Services announced a ransomware attack had affected 250 of its U.S. hospitals and clinics. Doctors and nurses at the facilities were reportedly forced to slow lab work and rely on manual record-keeping.

“We are most concerned with ransomware attacks which have the potential to disrupt patient care operations and risk patient safety,” John Riggi, senior cybersecurity adviser to the American Hospital Association, said at the time. “We believe any cyberattack against any hospital or health system is a threat-to-life crime and should be responded to and pursued as such by the government.”

Related Articles

More Complex

Sign up for the Complex Newsletter for breaking news, events, and unique stories.

Follow Complex on: Facebook, Twitter, Instagram, YouTube, Snapchat, TikTok

Source Article

Read more