Federal agencies warned hospitals, health care providers, and public health groups Wednesday that they were at risk of an “increased and imminent cybercrime threat” from ransomware, which could paralyze their computer systems and make it hard for them to deliver care. At least four hospitals have reported cyberattacks this week, and hundreds more could be at risk.
This could be “the biggest attack we’ve ever seen,” Allan Liska, an intelligence analyst for the firm Recorded Future, told CNN.
The attacks come as hospitals across the country are struggling to handle spikes in COVID-19 cases. Ransomware attacks shut down hospital computer systems, often forcing them to turn to pen and paper charts and sometimes locking them out of systems they need to run tests or scans on patients. If surges in coronavirus patients are already slowing down hospital operations and forcing some places to send patients away, a cyberattack could only make things worse.
Healthcare and Public Health sector partners - shields up! Assume Ryuk is inside the house. Executives - be ready to activate business continuity and disaster recovery plans. IT sec teams - patch, MFA, check logs, make sure you have a good backup point. https://t.co/j3cb26khHZ— Chris Krebs #Protect2020 (@CISAKrebs) October 29, 2020
These types of attacks have steadily increased over the past few years, and experts consistently warn that the systems health care organizations use are vulnerable.
Security experts believe a Russian-speaking group known as UNC1878 is behind the current attack. They’re financially motivated, and “one of most brazen, heartless, and disruptive threat actors I’ve observed over my career,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, told Reuters.
Despite pledges from some cybercrime groups to avoid hospitals during the COVID-19 pandemic, attacks have continued. Universal Health Services, a chain of hundreds of hospitals across the US, was struck by a cyberattack last month. In Germany, a woman died in what is believed to be the first fatality directly attributed to a hospital cyberattack.