On High Alert: Regulators Say Hospital Ransomware Attacks Could Be Imminent

As the number of coronavirus cases surges, the federal government is urging healthcare systems across the U.S. to be on the lookout for ransomware. This week, the FBI, the Department of Health and Human Services, and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency sent a stern warning to hospital administrators, citing a “credible threat” to their IT systems.

Regulators have been investigating a series of cybercrimes targeting major American hospitals in recent weeks. Facilities in California, Oregon, and New York experienced technical difficulties in recent days, but luckily these outages didn’t affect patient care. Yet, the threat continues, especially as we get closer to Election Day on Tuesday, November 3rd.

Here’s what you need to know.

Prepare for Ransomware

Federal agencies say the American healthcare system is ripe for attack as the coronavirus continues. The government says hackers plan to use ransomware to hold sensitive information hostage in exchange for cash payment, usually in the form of Bitcoin, a type of digital currency.

Several hospitals were hit with attacks this week alone, including Sonoma Valley Hospital in California, which saw its computer systems crash after a recent disruption. St. Lawrence Health System in New York says that two of its hospitals, Canton-Potsdam and Gouverneur, had to disable some of their computer services after hackers breached the system. Sky Lakes Medical Center in Oregon says its electronic health records were frozen, which delayed various surgical procedures.

The government has linked these attacks to a group of Russian cybercriminals based somewhere in Moscow or St. Petersburg, sometimes referred to as UNC 1878 or Wizard Spider. Back in September, the group targeted Universal Health Systems, a network of over 400 facilities, in what was then considered the largest medical cyberattack of its kind.

Federal agencies say hackers are planning to hit another 400 facilities across the U.S. in the coming week, just in time for next week’s election. That’s according to Alex Holden, the founder of Hold Security, a private security firm, who recently shared information with the FBI. The group may be targeting U.S. election systems as well, unleashing a perfect storm of “havoc” across the country.

This is the same group behind the notorious TrickBot, a form of malware that often targets financial systems. Microsoft says it has taken down around 90% of TrickBot’s servers in recent weeks, and getting rid of the software seems to have put a wedge between federal regulators and the hackers. Some cybersecurity experts believe the group may be targeting hospitals in retaliation for Microsoft taking the software offline.

“The challenge here is because of the attempted takedowns, the TrickBot infrastructure has changed and we don’t have the same telemetry we had before,” Mr. Holden said.

The hackers appear to be using new ransomware tools leading up to the election and a possible third wave of the coronavirus. Kimberly Goody, an analyst at Mandiant, a division of the digital security company FireEye, says, “They don’t need TrickBot because they have an entire arsenal of other tools that they can use.”

Charles Carmakal, senior vice president of Mandiant, says:

“This is to me the most significant cyber threat that we’ve experienced in the U.S. to date. There is a moral line that every person, just as a human being, recognizes exists – when you do something knowing that you are potentially impacting somebody’s life you’ve crossed the line. So, there’s a very clear crossing of the line by this threat actor. This group is incredibly brazen, heartless, relentless.”

A Deadly Game

Holden describes the hackers as a “wounded animal.” He notes that the most recent attacks were not as well planned as those in the past, which suggests the group is getting desperate in its attempts to disrupt the U.S. election.

But experts agree the timing couldn’t be worse.

“We now have more sick people in this country than we had in March and April,” Mr. Holden said. “This is wrong.”

The hackers also appear to be going back on their word. Many of them signed a pledge back in March, vowing not to target healthcare systems during the coronavirus pandemic. However, as the crisis continues, the attacks keep on coming. Based on these recent disruptions, Ms. Goody said, the hackers were “demonstrating a clear disregard for human life.”

Hackers have been holding computer systems hostage for as much as $5 million, nearly double the amount the group asked for months earlier.

So, why the price hike?

Holden, who’s familiar with the hackers’ line of work, says the group is using an old Russian formula to calculate its demands. He says, “There is an old Russian tradition to give 10 percent of annual revenue to the church. This is the hackers’ way of doing the same.”

Be on the lookout for suspicious emails, links, and messages in the next few days. The stakes couldn’t be higher as Americans head to the polls and more people get infected with COVID-19.
