Newest Target of Cyber Attacks: America’s Hospitals

Nearly half of all U.S. hospitals have disconnected their networks in the past six months due to escalating ransomware attacks, according to a new study from Philips and CyberMDX.

The cybercrime crisis has become so acute in medical care that dozens of hospitals and clinics in West Virginia and Ohio are canceling surgeries and diverting ambulances following a ransomware attack that knocked out staff access to IT systems across virtually all operations, said a story from artstechnica posted Tuesday,

The facilities are owned by Memorial Health System, which represents 64 clinics, including hospitals Marietta Memorial, Selby General, and Sistersville General in the Marietta-Parkersburg metropolitan area in West Virginia and Ohio.

Early on Sunday, the chain experienced a ransomware attack that hampered the three hospitals’ ability to operate normally.

This summer, a ransomware attack on a national hospital chain “nearly brought Las Vegas hospitals to their knees,” reported the Wall Street Journal.

Another attack in Oregon abruptly shut down alerts tied to patient monitors tracking vital signs. In New York, one county’s only trauma center briefly closed to ambulances, with the nearest alternative 90 miles away, because of ransomware.

Already this year, 38 attacks on health care providers or systems have disrupted patient care at roughly 963 locations, compared with 560 sites being impacted in 80 separate incidents from all of 2020, according to Brett Callow, a threat analyst at security firm Emsisoft, reported artstechnica.

The increased cyberattacks come as COVID-19 variants are driving up positivity rates across America.

The Perspectives in Healthcare Security Report that found 48 percent of hospitals had disconnected their systems in the the past six months is based on interviews with 130 IT and cybersecurity hospital executives and biomedical engineers and technicians, according to a story posted by infosecurity magazine.

Respondents who admitted to shutting down networks due to ransomware “were a mix of those who did so proactively to avoid a damaging breach and those forced to do so because of severe malware infection,” reported infosecurity.

Experts say that a particularly ruthless group of Eastern European cybercriminals once called the “Business Club,” with ties to Russian government security services, are focused on extorting American hospitals, said the Wall Street Journal.

“Now known by many researchers as Ryuk, after its signature software, it is the most prolific ransomware gang in the world, accounting for one-third of the 203 million U.S. ransomware attacks in 2020, according to cybersecurity firm SonicWall,” said the Wall Street Journal.

Ryuk ransomware collected at least $100 million in paid ransom last year, according to the bitcoin analysis firm Chainalysis.

“They do not care. Patient care, people dying, whatever. It doesn’t matter. Other groups you can at least have a conversation. You can tell them, ‘We’re a hospital, someone’s going to die.’ Ryuk won’t even reply to that email,” Bill Siegel, CEO of the ransomware recovery firm Coveware, told the Wall Street Journal.

Another cybercrime group with ties to Russia, Conti, is also targeting hospitals as well as 911 dispatch carriers and law enforcement situations, according to The Crime Report.

Medium-sized U.S. hospitals appear to have suffered most from these attacks, reported infosecurity.

“Skills gaps and low levels of investment in cybersecurity were highlighted as possible contributing factors,” said the magazine.

“Just 11 percent of respondents said cybersecurity is a ‘high priority’  for spending, while nearly half of all respondent types claimed their medical device and IoT security staffing levels are inadequate.”

See also: After REvil Who are the Next Cybersaboteurs?  The Crime Report, July 29, 2021.  

Nancy Bilyeau is Deputy Editor of The Crime Report