According to a report on the Cybersecurity & Infrastructure Security Agency website, the FBI and two federal agencies have issued a federal alert, warning that they had ‘credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers’.
The joint cybersecurity advisory was co-authored by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS). The federal alert details that cybercriminals are targeting hospitals and healthcare providers with Ryuk ransomware for financial gain.
“We are experiencing the most significant cyber security threat we’ve ever seen in the US,” Charles Carmakal, Chief Technical Officer of the cybersecurity firm Mandiant, said in a statement.
Ransomware causes a patient fatality
Independent security experts say these ransomware attacks have already affected at least five US hospitals in the final week of October and could potentially impact hundreds more. And, over in Duesseldorf, Germany, a ransomware fatality occurred in September, British news outlet The Guardian reported, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.
Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, noted that the group was demanding ransoms above US$10 million per target, and that criminals on the dark web were planning to infect more than 400 hospitals, clinics and other medical facilities.
“One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” Holden said. “They are hitting where it hurts even more, and they know it.”
Increased challenges during global pandemic
“These issues will be particularly challenging for organisations within the Covid-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments,” the federal alert read.
CISA, FBI and HHS suggest that organisations continue to maintain business continuity plans to minimise service interruptions. “Evaluating continuity and capability will help identify continuity gaps. Through identifying and addressing these gaps, organisations can establish a viable continuity programme that will help keep them functioning during cyberattacks or other emergencies,” the federal alert read. “CISA, FBI, and HHS suggest HPH Sector organisations review or establish patching plans, security policies, user agreements, and business continuity plans to ensure they address current threats posed by malicious cyber actors.”
Do not pay ransoms, the federal alert advises
The organisations added that they did not recommend paying ransoms, as payment did not guarantee that files would be recovered; it simply encouraged adversaries to target additional organisations.
As more organisations move towards digital, cloud-based forms of patient care, they will need to be increasingly aware of the cybersecurity risks they face. Hospitals & Healthcare covered a report in September which warned that the boom in telehealth was also raising the risk of cyber attacks. As SecurityScorecard noted at the time, healthcare organisations should continue to keep a focus on cyber resilience.