FBI

health

FBI warns ransomware assault threatens US health care system

BOSTON (AP) — Federal agencies warned that cybercriminals could unleash a wave of data-scrambling extortion attempts against the U.S. health care system, an effort that, if successful, could paralyze hospital information systems just as nationwide cases of COVID-19 are spiking.

In a joint alert Wednesday, the FBI and two federal agencies said they had credible information of “an increased and imminent cybercrime threat” to U.S. hospitals and health care providers. The alert said malicious groups are targeting the sector with attacks aiming for “data theft and disruption of healthcare services.”

The impact of the expected attack wave is difficult to assess.


It involves a particular strain of ransomware, which scrambles a target’s data into gibberish until they pay up. Previous such attacks on health care facilities have impeded care and, in one case in Germany, led to the death of a patient, but such consequences are still rare.

The federal warning itself could help stave off the worst consequences, either by leading hospitals to take additional precautions or by expanding efforts to knock down the systems cybercriminals use to launch such attacks.

The offensive coincides with the U.S. presidential election, although there is no immediate indication the cybercriminals involved are motivated by anything but profit. The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.

Independent security experts say the ransomware, called Ryuk, has already impacted at least five U.S. hospitals this week and could potentially affect hundreds more. Four health care institutions have been reported hit by ransomware so far this week, three belonging to the St. Lawrence Health System in upstate New York and the Sky Lakes Medical Center in Klamath Falls, Oregon.

Sky Lakes acknowledged the ransomware attack in an online statement, saying it had no evidence that patient information was compromised. It said emergency and urgent care “remain available.”

The St. Lawrence system also acknowledged a Tuesday ransomware attack, noting in a statement released Thursday that no patient or employee data appeared to have been accessed or compromised. Matthew Denner, the emergency services director for St. Lawrence County, told the Adirondack Daily Enterprise that the hospital owner instructed the county to divert ambulances from two of the affected hospitals for a few hours Tuesday. The company did not return requests for comment on that report.

Alex Holden, CEO of Hold Security, which has been closely tracking Ryuk for more than a year, said the attack could be unprecedented in magnitude for the U.S. In a statement, Charles Carmakal, chief technical officer of the security firm Mandiant, said the cyberthreat could be the “most significant” the country has ever seen.

The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools walloped especially hard.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil


FBI, DHS Warn Hospitals of ‘Credible Threat’ from Hackers

Several federal agencies on Wednesday warned hospitals and cyber-researchers about “credible” information “of an increased and imminent cybercrime threat to U.S. hospitals and health-care providers.”

The FBI, the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security and known as CISA, said hackers were targeting the sector, “often leading to ransomware attacks, data theft and the disruption of health-care services,” according to an advisory.

The advisory warned that hackers might use Ryuk ransomware “for financial gain.”

The warning comes as COVID-19 cases and hospitalizations surge across the country. The cybersecurity company FireEye Inc. said multiple U.S. hospitals had been hit by a “coordinated” ransomware attack, with at least three publicly confirming being struck this week.

Ransomware is a type of computer virus that locks up computers until a ransom is paid for a decryption key.

The attack was carried out by a financially motivated cybercrime group dubbed UNC1878 by computer security researchers, according to Charles Carmakal, FireEye’s strategic services chief technology officer. At least three hospitals were severely affected by ransomware on Tuesday, he said, and multiple hospitals have been hit over the past several weeks. UNC1878 intends to target and deploy ransomware to hundreds of other hospitals, Carmakal said.

“We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” he said. “UNC1878, an Eastern European financially motivated threat actor, is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other health-care providers.”

Multiple hospitals have already been significantly affected by Ryuk ransomware and their networks have been taken offline, Carmakal added. “UNC1878 is one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career.”

Attackers using Trickbot malware, which is also cited in the federal advisory, claimed Monday in a private communications channel to have attacked more than 400 hospitals in the U.S., said Alex Holden, the founder of the cyber investigations firm Hold Security. By Tuesday, the Trickbot attack group — which frequently works with ransomware operators Ryuk — claimed to have ransomed about 30 medical facilities around the country, Holden said.

Cybercriminals running these malware and ransomware operations are known to embellish their achievements, he said.

St. Lawrence Health System in New York, Sonoma Valley Hospital in California, and Sky Lakes Medical Center in Oregon on Tuesday all publicly stated they were affected by ransomware attacks, according to local news reports.

The ransomware that has targeted hospitals, retirement communities and medical centers this year has typically started with emails that purport to be corporate communications and sometimes contain the name of the victim or their company in the text or its subject line, according to a FireEye report released Wednesday. However, the emails can contain malicious Google Docs, typically in the form of a PDF file, that contains a link to malware. The use of multiple links, as well as PDF files, can help trick email filters designed to spot simpler phishing tactics.

—With assistance


FBI warns ransomware assault threatens U.S. healthcare system

BOSTON — Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.

In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”

The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.

The offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, although there is no immediate indication they were motivated by anything but profit. “We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.

Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. given its timing in the heat of a contentious presidential election and the worst global pandemic in a century.

The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.

The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. U.S. Cyber Command has also reportedly taken action against Trickbot. While Microsoft has had considerable success knocking its command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.

Health systems with a presence on Long Island said they’re aware of threats.

“Northwell Health is doing everything we can to remain vigilant against any potential attack,” said John Bosco, senior vice president and chief information officer at Northwell Health, the largest health system in the state.

Rockville Centre-based Catholic Health Services of Long Island said it has invested in technologies to ensure a secure environment for patient information.

“In addition, we are currently increasing awareness of phishing activity that is often the entry point for ransomware,” said Tim Swope, chief information security officer at CHS.

The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely


FBI warns of “imminent” ransomware attacks on hospital systems

Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.

In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”

The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week and could impact hundreds more.

The offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, although there is no immediate indication they were motivated by anything but profit.

“We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.

Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. given its timing in the heat of a contentious presidential election and the worst global pandemic in a century.

The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.

Agence France-Presse notes that the agencies urged U.S. healthcare providers to take “timely and reasonable precautions” such as patching their operating systems, software and firmware as soon as possible and running antivirus and anti-malware scans regularly.

The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier this month. U.S. Cyber Command has also reportedly taken action against Trickbot.

While Microsoft has had considerable success knocking its command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.

Recent attacks

The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.

Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have


FBI warns ransomware assault threatens US healthcare system

BOSTON (AP) — Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.

In a joint alert Wednesday, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of healthcare services.”

The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.

The offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, although there is no immediate indication they were motivated by anything but profit. “We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement.

Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the U.S. given its timing in the heat of a contentious presidential election and the worst global pandemic in a century.

The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.


The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. U.S. Cyber Command has also reportedly taken action against Trickbot. While Microsoft has had considerable success knocking its command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.

The U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.

Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

Holden said he alerted federal law enforcement Friday after monitoring infection attempts at a number of hospitals, some of which may have beaten back infections. The FBI did not immediately respond to a request for comment.

He said the group was demanding ransoms well above $10 million per target and that criminals involved on the
