Hospitals and health care providers across the United States have been hit this week by a coordinated attack from a ransomware gang that operates from Eastern Europe.
Analysts have said the group likely to be behind the attacks is known as Wizard Spider or UNC1878. They warn that such attacks can disrupt hospital operations and potentially lead to loss of life.
The federal agencies said hackers were targeting the health care sector, “often leading to ransomware attacks, data theft, and the disruption of health-care services.” The advisory said cybercriminals are using Ryuk ransomware for financial gain.
Ryuk ransomware is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. While the company has had considerable success knocking Trickbot command-and-control servers offline through legal action, analysts say criminals have still found ways to spread Ryuk.
Security analysts have warned that the targeted attacks could potentially impact hundreds more hospitals nationwide.
Ransomware attacks have increased 50 percent over the past three months, security firm Check Point stated on Oct. 28, with the proportion of polled health care organizations impacted jumping to 4 percent in the third quarter from 2.3 percent in the previous quarter.
In September, all 250 U.S. facilities of hospital chain Universal Health Services were targeted in a ransomware attack, forcing employees to resort to pen and paper for patient records. Emergency room waits grew longer and wireless vital-signs monitoring equipment failed.
Highlighting the dangers of cybercriminal activity, John Riggi, senior adviser for cybersecurity and risk at the American Hospital Association, described a ransomware attack that causes a hospital to suspend patient care operations as “akin to a mass-casualty terrorist attack.”
Ransomware has accounted for more than 70 percent of the successful cyberattacks on health care organizations in each of the past two years, Riggi said.
This particular method of cybercrime is being increasingly used by government and terrorist groups “as a way to level the playing field” against more powerful adversaries such as the United States, “which they know they could not defeat in a direct, head-to-head military confrontation,” Riggi said.
“They know they are at less of a disadvantage by engaging in asymmetrical warfare, using difficult-to-attribute cyber attacks to achieve their foreign policy, military, and intelligence objectives. Unfortunately, and inexcusably, this sometimes either places hospitals directly in the crosshairs of the U.S.’s cyber adversaries, or makes them become foreseeable collateral damage.”