On Wednesday, the FBI said in an urgent warning that cybercriminals are carrying out a wave of ransomware attacks targeting U.S. healthcare systems.
The FBI issued a joint statement with the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS), describing continued ransomware attacks aimed at infecting Healthcare and Public Health Sector (HPH) systems with Ryuk ransomware. The statement came amid reports that at least five U.S. hospitals had been targeted within the last week.
“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers,” the statement read. “CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”
The FBI did not provide information about specific attacks, but the Associated Press reported that independent security experts said the latest ransomware attacks have already targeted five hospitals this week and hundreds more could be at risk.
Ransomware is a form of malware that threatens to publish a victim’s personal information, or blocks access to it until a ransom is paid.
According to the joint statement, a cybercriminal enterprise has been using and developing “Trickbot” malware since 2016. The cybercriminal enterprise has been adding functionality to the malware tools, increasing the ease, speed, and profitability of their cyber attacks.
Alex Holden, the CEO of Hold Security, told the AP he alerted federal law enforcement officials of a cybersecurity threat after monitoring ransomware infection attempts at a number of hospitals. Some of the targeted hospitals may have beaten back ransomware attempts.
The attacks come days before the 2020 U.S. presidential election, but there is no apparent connection between the ransomware attacks and the election, according to the AP.
“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden told the AP. “They are hitting where it hurts even more and they know it.”
Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, told the AP that the ransomware attacks were linked to an Eastern European group he referred to as UNC1878.
Carmakal said UNC1878 “is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers,” causing delays in critical care. He added that the cybercriminal group is “one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career.”
The AP reported that a ransomware attack in September hit all 250 U.S. facilities in the Universal Health Services hospital chain. The attack forced doctors and nurses to rely on paper and pencil for record-keeping. Another ransomware attack, against a hospital in Duesseldorf, Germany, resulted in a death when the resulting computer system failure forced a critically ill patient to be routed to a hospital in another city.