Coronavirus India and United States

US hospitals on high alert amid wave of ransomware attacks

Updated
Oct 30, 2020, 06:59 AM
Published
Oct 30, 2020, 05:00 AM

WASHINGTON • Eastern European criminals are targeting dozens of US hospitals with ransomware, and federal officials have urged healthcare facilities to beef up preparations rapidly in case they are next.

The Federal Bureau of Investigation (FBI) is investigating the recent attacks, which include incidents in Oregon, California and New York made public just this week, three cyber-security consultants familiar with the matter said on Wednesday.

A doctor at one hospital said the facility was functioning on paper after a cyber attack and unable to transfer patients.

"We can still watch vitals and getting imaging done, but all results are being communicated via paper only," said the doctor, who declined to be named.

Staff could see historic records but not update those files.

Experts said the likely group behind the attacks was known as Wizard Spider or UNC 1878, and warned that such attacks can lead to loss of life.

The attacks prompted a teleconference call on Wednesday led by FBI and Homeland Security officials for hospital administrators and cyber-security experts.

A participant said officials warned hospitals to ensure their backup systems were in order, to disconnect from the Internet where possible, and avoid using personal e-mail accounts.

"This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country," said threat intelligence analyst Allan Liska with US cyber-security firm Recorded Future.

More On This Topic
Covid-19 surges across US as some hospitals stretched
Trump website defaced, campaign working with law enforcement

"This is the first time we have seen six hospitals targeted in the same day by the same ransomware actor."

Ransomware attacks have jumped 50 per cent over the past three months, security firm Check Point said, with the proportion of polled healthcare organisations affected jumping to 4 per cent in the third quarter from 2.3 per cent in the previous quarter.

Two of the consultants familiar with the attacks said the cyber criminals were commonly using a ransomware known as "Ryuk", which locks up a victim's computer until a payment is received.

The teleconference call participant said government officials disclosed that the attackers used Ryuk and another trojan horse, known as Trickbot, against the hospitals.

"UNC 1878 is one of the most brazen, heartless, and disruptive threat actors I've observed over my career," said Mr Charles Carmakal, senior vice-president for US cyber-incident response firm Mandiant.

REUTERS

Join ST's Telegram channel and get the latest breaking news delivered to you.

A version of this article appeared in the print edition of The Straits Times on October 30, 2020, with the headline US hospitals on high alert amid wave of ransomware attacks. Subscribe

Available for
iPhones and iPads
Available in
Google Play

MCI (P) 066/10/2023. Published by SPH Media Limited, Co. Regn. No. 202120748H. Copyright © 2024 SPH Media Limited. All rights reserved.

Back to the top