The FBI, Department of Health and Human Services (HHS) and Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) have issued a joint cybersecurity advisory stating they have received “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
“CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats,” the warning reads.
Alex Holden, CEO of Hold Security, said he alerted authorities last week after monitoring attempted attacks at several hospitals. Holden added that criminals have been using the dark web to discuss plans for targeting 400 hospitals and other medical facilities and were demanding ransoms between $5 million and $10 million per target.
Charles Carmakal, chief technical officer of the cybersecurity firm Mandian, has identified the criminal gang as the Russian-speaking UNC1878, which he called one of the “most brazen, heartless, and disruptive threat actors I’ve observed over my career.”
Sky Lakes Medical Center was targeted this week
Attackers are using Trickbot malware to deliver Ryuk ransomware, which was used in the attacks on the Key Biscayne and Lake City governments last year and Universal Health Services (UHS) last month. CNN reports that St. Lawrence Health Systems in New York, the Sky Lakes Medical Center in Oregon, and UHS (again) have been targeted over the last few days.
While the attacks coincide with the US elections, the criminals are said to be motivated solely by profit. As is always the case with ransomware, authorities advise victims not to hand over the crypto as it doesn’t guarantee their files will be recovered. But as we’ve seen before, desperate hospitals are often left with no other choice than to pay up.