Healthcare facilities have increasingly become a prime target for hackers in recent years. Due to the sensitive nature of their data and the importance of keeping their operations running, hospitals are often forced to pay ransoms rather than waiting on authorities to restore their systems. This makes them attractive to hackers without morals who want to score some quick cash (or Bitcoin).
Now, several federal agencies are warning that a cybercrime group is actively targeting healthcare facilities in the United States. Allan Liska, an intelligence analyst, told CNN that this could be “the biggest attack we’ve ever seen.”
America’s healthcare system has never been subjected to the pressures it is facing right now. In response to the COVID-19 pandemic, hospitals are working overtime to stay afloat. Adding ransomware to the mix could be disastrous.
In fact, it already has been. Reports in September found that a ransomware attack on a German hospital was responsible for the death of at least one patient. No attacks in the U.S. are known to have caused fatalities. However, that horror could become reality if the ransomware trend continues.
The current rash of cybercrime has already affected four hospitals in the U.S., according to a report by the FBI, the Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS).
The agencies say, “CISA, FBI, and (the Department of Health and Human Services) have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
Those responsible are reportedly using a form of ransomware called TrickBot and the BazarLoader malware alongside Ryuk ransomware. These programs allow hackers to remotely lock down a hospital’s computer systems and steal sensitive patient data.
As such, hospitals are being warned to stay vigilant. Aside from the four facilities that have already been affected, hundreds more are at risk.
Although the origin of the attacks hasn’t been confirmed, experts believe that a Russian hacking group known as UNC1878 could be responsible. The group is believed to be financially motivated. However, there is no excuse for attacking hospitals in the midst of a pandemic—or ever.
A number of cybercrime groups have pledged to avoid hospitals throughout the COVID-19 pandemic, showing that whoever is responsible for these attacks is truly apathetic.
Charles Carmakal, chief technical officer for the cybersecurity firm Mandiant, told Reuters that the group is “one of the most brazen, heartless, and disruptive threat actors I’ve ever observed over my career.”
In a somewhat unnerving statement, CISA director Chris Krebs said, “Healthcare and Public Health sector partners – shields up! Assume Ryuk is inside the house. Executives—be ready to activate business continuity and disaster recovery plans. IT sec teams—patch, MFA, check logs, make sure you have a good backup point.”
🚨🚨🚨 Healthcare and Public Health sector partners – shields up! Assume Ryuk is inside the house. Executives – be ready to activate business continuity and disaster recovery plans. IT sec teams – patch, MFA, check logs, make sure you have a good backup point. https://t.co/j3cb26khHZ
— Chris Krebs #Protect2020 (@CISAKrebs) October 29, 2020
As the world continues to combat the COVID-19 pandemic, this will be a situation to monitor closely. Cybersecurity experts will undoubtedly be working around the clock to find those responsible and prevent them from crippling any more facilities.