Healthcare facilities targeted for ransomware attacks

October 29, 2020
Keith A. Reynolds

A government alert warns of an increased and imminent cybercrime threat against U.S. hospitals and healthcare providers.

Federal authorities are sounding the alarm on a cyber threat against U.S. hospitals and healthcare facilities.

According to an alert from the Cybersecurity & Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS), these agencies have credible information about an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. They believe that the goal is to spread the Ryuk ransomware for financial gain.

The same malware is believed to have been used against Universal Health Services in September.

According to a report from Wired, hospital personnel say that they have moved to an all-paper system due to the attack which has left patients being rerouted to other emergency departments and waiting for appointments and test results.

The attack was undertaken overnight in an effort to encrypt and lock down as many systems as possible. Screens at facilities in California, Florida, Texas, Arizona, and Washington D.C. were changed to display a ransom message, according to Bleeping Computer, which first reported the attack.

Bleeping Computer cites an expert who says that the attack likely originated through phishing and that four patients have died due to physicians having to wait for lab results to arrive via currier.

Oliver Noble, an encryption specialist with Nordlocker, says in a Medical Economics article that some of the things physicians and hospitals can do to keep their IT systems safe include:

  • Adopt zero-trust network access, meaning that every access request by a member of medical staff should be granted only after their identity has been appropriately verified.
  • Encrypt medical files to avoid data leaks in ransomware. Business encryption solutions make sure important information stored on corporate computers is always protected from prying eyes with strong encryption. The tool also offers an encrypted cloud for easy access and secured data storage.
  • Have up-to-date backups available to keep the chances of data loss as slim as possible. If an attack is successful, there will still be an unaffected older version of the files. Again, a cloud solution for companies is a great way to back up data.

Related Content:

News | Technology