FBI warns ransomware assault threatens health care system
Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking.
In a joint alert Wednesday, the FBI and two federal agencies said they had credible information of “an increased and imminent cybercrime threat” to U.S. hospitals and health care providers. The alert said malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.”
The impact of the expected attack wave, however, is difficult to assess.
It involves a particular strain of ransomware, which scrambles a target’s data into gibberish until they pay up. Previous such attacks on health care facilities have impeded care and, in one case in Germany, led to the death of a patient. But such consequences are still rare.
The federal warning itself could help stave off the worst consequences, either by leading hospitals to take additional precautions or by expanding efforts to knock down the systems cybercriminals use to launch such attacks.
The offensive coincides with the U.S. presidential election, although there is no immediate indication the cybercriminals involved are motivated by anything but profit. The
that emergency and urgent care ty firm Mandiant, called the cyware occurred in Duesseldorf, “remain available.” The St. Lawberthreat the “most significant” the Germany, when an IT system failrence system said Thursday that no country has ever seen. ure forced a critically ill patient to patient or employee data appeared The U.S. has seen a plague of be routed to a hospital in another federal alert was co-authored bycity.tohavebeenaccessedorcompro-ransomwareoverthepast18 the Department of Homeland Secumised. Matthew Denner, the emermonths or so, with major cities Holden said the Russian-speakrity and the Department of Health gency services director for St. Lawfrom Baltimore to Atlanta hit and ing group behind recent attacks and Human Services. rence County, told the Adirondack local governments and schools was demanding ransoms well
Independent security experts say Daily Enterprise that the hospital walloped especially hard. above $10 million per target and the ransomware, called Ryuk, has owner instructed the county to In September, a ransomware that criminals involved on the dark already impacted at least five U.S. divert ambulances from two of the attack hobbled all 250 U.S. facilities web were discussing plans to try to hospitals this week and could poaffected hospitals for a few hours of the hospital chain Universal infect more than 400 hospitals, tentially affect hundreds more. Tuesday, when the attack occurred. Health Services, forcing doctors clinics and other medical facilities. Four health care institutions have Neither Denner nor the company and nurses to rely on paper and While no one has proven susbeen reported hit by ransomware replied to requests for comment on pencil for record-keeping and slowpected ties between the Russian so far this week, three belonging to that report. ing lab work. Employees described government and gangs that use the the St. Lawrence Health System in Alex Holden, CEO of Hold Secuchaotic conditions impeding paTrickbot platform that distributes upstate New York and the Sky rity, which has been closely tracktient care, including mounting Ryuk and other malware, Holden Lakes Medical Center in Klamath ing Ryuk for more than a year, said emergency room waits and the said he has “no doubt that the RusFalls, Ore. the attack wave could be unprecefailure of wireless vital-signs monsian government is aware of this
Sky Lakes said in an online statedented in magnitude for the U.S. In itoring equipment. operation.” Microsoft has been ment that it had no evidence patient a statement, Charles Carmakal, Also in September, the first engaged since early October in information was compromised and chief technical officer of the securi- known fatality related to ransom- trying to knock Trickbot offline.