clock menu more-arrow no yes mobile

Filed under:

FBI warns that hackers are targeting hospitals while coronavirus admissions surge

A new wave of ransomware attacks is “imminent,” according to US authorities.

A member of the dialysis team prepares to treat a patient with coronavirus in the intensive care unit at a hospital on May 1, 2020, in Leonardtown, Maryland.
Hospitals may be the targets of ransomware attacks that will take their systems offline and possibly compromise patient care.
Win McNamee/Getty Images
Sara Morrison is a senior Vox reporter who has covered data privacy, antitrust, and Big Tech’s power over us all for the site since 2019.
Open Sourced logo

As though hospitals across America didn’t have enough to handle with the recent resurgence of Covid-19 causing overflows and straining their resources, they’re now the possible targets of a new onslaught of ransomware attacks.

An alert from the FBI, the Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) said on Wednesday that there is an imminent threat of ransomware attacks on American hospitals and health care providers. Ransomware is malware that locks up a system’s computers and data until a ransom is paid. The alert didn’t specify who the agencies thought might be responsible for the attacks, but HHS has said in the past that the ransomware associated with the current threat is linked to Russian criminal groups. The alert also didn’t say how many — if any — health care institutions had already been affected, but Reuters reports that there were attacks in New York, Oregon, and Washington state.

The threat identified by the FBI, CISA, and HHS comes from the “Ryuk” ransomware, which emerged in mid-2018 and has cost companies and municipalities at least tens of millions of dollars in ransom payments, in addition to whatever costs were incurred for IT fixes and lost business.

“Ryuk is a relatively young ransomware family that was discovered in August 2018 and has made significant gains in popularity in 2020,” Dmitriy Ayrapetov, of internet security company SonicWall, said in a statement to Recode. “The increase of remote and mobile workforces appears to have increased its prevalence, resulting not only in financial losses, but also impacting health care services with attacks on hospitals.”

Ryuk is believed to be behind the recent ransomware attack on Universal Health Services (UHS), which owns 400 facilities across the United States and the United Kingdom. The company was forced to take down systems across all 250 of its American facilities. UHS said the attack didn’t harm any of its patients, but employees told the Associated Press that it delayed getting crucial information about patient care and communication with other health professionals.

A new report from SonicWall blamed Ryuk for a third of all known ransomware attacks identified in the last year, and there’s been a significant increase in ransomware attacks in general over the last several months. Hackers have taken advantage of the coronavirus pandemic in other ways, too, sending phishing emails from spoofed addresses relating to health organizations or addresses that closely mimic those organizations.

Hospitals make good targets for ransomware because victims are more likely to pay the ransom as quickly as possible given the possible consequences of any delay in accessing their systems. A 2017 ransomware attack on the UK’s National Health Service cost tens of millions of dollars, and nearly 20,000 patient appointments had to be canceled while the system was offline, compromising their care. An attack on a German hospital in September of this year is believed to have caused a woman’s death, the first known death linked to ransomware (somewhat ironically, the attackers only meant to shut down the university associated with the hospital and not the hospital itself).

Chris Wysopal, co-founder and chief technology officer of cybersecurity software company Veracode, told Recode back in January that hospitals and local governments are good “soft targets” for ransomware attacks because they often don’t have the money or dedicated personnel needed to sufficiently protect their systems from hackers.

There have also been reports of hacking attempts from China, Russia, and Iran on institutions and companies developing coronavirus vaccines and doing other virus-related work, but in those cases it is more likely the countries are hoping to steal the research for themselves.

Open Sourced is made possible by Omidyar Network. All Open Sourced content is editorially independent and produced by our journalists.

Sign up for the newsletter Sign up for Vox Recommends

Get curated picks of the best Vox journalism to read, watch, and listen to every week, from our editors.