BOSTON (AP) – Federal agencies warn that cybercriminals could unleash a wave of ransomware attacks against the US healthcare system, an attempt that, if successful, could cripple hospital information systems as nationwide COVID-19 infections are skyrocketing.
In a joint warning Wednesday, the FBI and two federal agencies said they had credible information about a “growing and imminent cybercrime threat” to hospitals and US healthcare service providers. Malicious groups are targeting this sector with attacks aimed at “stealing data and disrupting healthcare services,” the warning said.
However, the impact of the expected attack wave is difficult to assess.
It involves a specific strain of ransomware, which scrambles a target’s data into something meaningless until the target pays. Previous such attacks on health care facilities hampered care and, in one case in Germany, resulted in the death of a patient. But such consequences are still rare.
The federal warning itself can help prevent the worst consequences, either by leading hospitals to take additional precautions or by expanding efforts to shut down the systems cybercriminals use to perform such attacks.
The attack coincides with the US presidential election, though there was no immediate indication that the cybercrime involved was driven by anything but profit. The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.
Independent security experts say the ransomware, known as Ryuk, affected at least 5 hospitals in the US this week and could affect hundreds of others. Four health care facilities were hit by ransomware this week: three that are part of the St. Lawrence Health System in upstate New York, and Sky Lakes Medical Center in Klamath Falls, Oregon.
Sky Lakes said in an online statement that it had no evidence of compromised patient information and that urgent care “is still available”. The St. Lawrence system said Thursday that no patient or employee data had been accessed or compromised. Matthew Denner, the St. Lawrence County emergency services manager, told the Adirondack Daily Enterprise that the hospital owner instructed the county to divert ambulances from two of the affected hospitals for a few hours on Tuesday, when the attack occurred. Neither Denner nor the company responded to a request for comment on that report.
Alex Holden, CEO of Hold Security, who has been closely watching Ryuk for over a year, said the wave of attacks could be unprecedented in scale for the U.S. In a statement, Charles Carmakal, chief technical officer of security firm Mandiant, called it the “most significant” online threat the country has ever witnessed.
The United States has seen a ransomware outbreak over the past 18 months, with major cities from Baltimore to Atlanta under attack and local governments and schools hit particularly hard.
In September, a ransomware attack disrupted all 250 US facilities of the Global Health Services hospital chain, forcing doctors and nurses to rely on paper and pencil to take notes and slowing down lab work. Staff described chaos that hindered patient care, including mounting waits in the emergency room and the failure of wireless vital-signs monitors.
Also in September, the first known death linked to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be transferred to a hospital in another city.
Holden says the Russian-speaking group behind the recent attacks is demanding ransoms of more than $10 million per target, and that criminals on the dark web are discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.
While no one has proven the suspected relationship between the Russian government and the gangs using the Trickbot platform that distributes Ryuk and other malware, Holden said he was “sure that the Russian government was aware of this activity”. Microsoft has been engaged since early October in trying to knock Trickbot offline.
Dmitri Alperovitch, co-founder and former technical director of cybersecurity firm Crowdstrike, said “there are certainly a lot of links between Russian cybercriminals and the state”, with hackers working for the Kremlin sometimes seen as cybercriminals.
More and more ransomware criminals steal data from their targets before encrypting the network, using it for blackmail. Brett Callow, an analyst with cybersecurity firm Emsisoft, said they often plant malware weeks before activating it, waiting for moments when they believe they can extract the highest payments.
Callow said a total of 59 US healthcare providers or systems were affected by ransomware in 2020, disrupting patient care at 510 facilities.
Hospitals and clinics have rapidly expanded data collection and added internet-enabled medical devices, many of which are poorly secured. Meanwhile, hospital administrators have been slow to update software, encrypt data, train staff in cyber hygiene and recruit security experts, making them vulnerable to cyber attacks.
As hospitals respond to the coronavirus crisis, privacy and security protocols suffer, making patients vulnerable to identity theft, said Larry Ponemon, a data security expert. “The bad guys smell the problem.”
Associated Press writers Michael Hill in Albany, NY, and Marion Renault in New York City contributed to this report.