Skip to main content

A cybercrime group is targeting US hospitals, federal agencies warn

A cybercrime group is targeting US hospitals, federal agencies warn


Hundreds of facilities are at risk

Share this story

Illustration by Ana Kova

Federal agencies warned hospitals, health care providers, and public health groups Wednesday that they were at risk of an “increased and imminent cybercrime threat” from ransomware, which could paralyze their computer systems and make it hard for them to deliver care. At least four hospitals have reported cyberattacks this week, and hundreds more could be at risk.

This could be “the biggest attack we’ve ever seen,” Allan Liska, an intelligence analyst for the firm Recorded Future, told CNN.

The attacks come as hospitals across the country are struggling to handle spikes in COVID-19 cases. Ransomware attacks shut down hospital computer systems, often forcing them to turn to pen and paper charts and sometimes locking them out of systems they need to run tests or scans on patients. If surges in coronavirus patients are already slowing down hospital operations and forcing some places to send patients away, a cyberattack could only make things worse.

These types of attacks have steadily increased over the past few years, and experts consistently warn that the systems health care organizations use are vulnerable.

Security experts believe a Russian-speaking group known as UNC1878 is behind the current attack. They’re financially motivated, and “one of most brazen, heartless, and disruptive threat actors I’ve observed over my career,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, told Reuters.

Despite pledges from some cybercrime groups to avoid hospitals during the COVID-19 pandemic, attacks have continued. Universal Health Services, a chain of hundreds of hospitals across the US, was struck by a cyberattack last month. In Germany, a woman died in what is believed to be the first fatality directly attributed to a hospital cyberattack.