Feds indict ransomware hackers of Allscripts, others
The U.S. Justice Department indicted two men who led cyberattacks on the computer systems of healthcare companies and others, resulting in more than $30 million in losses.
This was the first U.S. indictment of individual people for ransomware attacks.
Allscripts, Medstar Health and Hollywood Presbyterian Medical Center were among those infected with the ransomware. Altogether, the attacks caused victims to lose more than $30 million, in addition to the ransom payments.
The men, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, both based in Iran, used the SamSam ransomware for extortion, netting them more than $6 million in ransom payments.
They “deliberately engaged in an extreme form of 21st-century digital blackmail, attacking and extorting vulnerable victims like hospitals and schools, victims they knew would be willing and able to pay,” Assistant Attorney General Brian Benczkowski said in a statement.
After breaking into organizations’ networks, the hackers used the ransomware to seal off access to the data. They then demanded payment in bitcoin in exchange for unlocking the data.
For Allscripts, that meant days of downtime for its Professional EHR, Electronic Prescriptions for Controlled Substances, and other services, affecting about 1,500 clients.
“Allscripts and its affiliates support and are encouraged by efforts to bring perpetrators of ransomware attacks to justice,” the company said in a statement.
The indictment reflects the Justice Department’s tough stance on cybercrime, according to Benczkowski. “We want to get the word out that every sector of our economy is a potential target of malicious cyberactivity,” he added.
Healthcare in particular has drawn the attention of hackers. For 2018 through the end of October, there were 306 breaches of healthcare organizations reported to HHS’ Office for Civil Rights. The majority of those breaches were classified as “hacking/IT incident.”
Because hacking is growing more and more widespread, companies need to “diversify” their defense strategies, according to Sherban Naum, senior vice president for corporate strategy and technology for data-security firm Bromium.
These strategies should involve separating out the most important information on their networks so it’s protected in case of a widespread hack, he said.