Federal Agencies Issue Advisory on Escalation of Ransomware Attacks Against Hospitals

A joint advisory from several federal agencies warns of a spike in ransomware targeting hospitals and other healthcare organizations. During such an attack, hackers use malware to hold the victims’ data, files and systems hostage until the demanded ransom is paid. At least one health system in New York – St. Lawrence Health System, according to Becker’s Health IT – reported an attack during this recent burst of cybercrimes.

The Watertown Daily and Northern New York Newspapers confirm that on October 27 three St. Lawrence Health System hospitals detected ransomware and disabled computer systems in an attempt to prevent it from spreading. As a result, according to the reporting, Canton-Potsdam Hospital, Gouverneur Hospital and Massena Hospital “diverted ambulances and moved to offline documentation methods.”

In The New York Times’ coverage of the cyberattacks, one security expert indicated that “Russian hackers have been trading a list of more than 400 hospitals they plan to target” and that “the hackers claimed to have already infected more than 30 of them.” A representative for a cybersecurity firm told CNN that this current escalation represents “the most significant cyber security threat we’ve ever seen in the United States” and the impact is “disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers.” An intelligence analyst cited in the same piece says, “It is absolutely the biggest thing we’ve ever seen… crushing to see so many hospitals hit at the same time.”

Together, the Federal Bureau of Investigation (FBI), the U.S. Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA) under the Department of Homeland Security (DHS) issued the October 28 alert based on a 24-hour period earlier in the week during which six U.S. hospitals were “infected with Ryuk ransomware for financial gain.” The agencies have “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” via “Trickbot malware, often leading to ransomware attacks, data theft and the disruption of healthcare services.”

While these attacks are always dangerous, the federal agencies note that COVID-19 makes these issues “particularly challenging for organizations.” In fact, says The Times, hackers’ demands during this string of attacks were higher than previous demands, seeming to reflect the increased urgency the pandemic creates for hospitals and health systems.

Within the joint advisory, the FBI, HHS and CISA/DHS list the technical details of the threat and describe plans and policies that can mitigate the threat, including best practices for networks, training for users and specific tactics for fighting ransomware. MLMIC encourages policyholders to read it in its entirety here.