FBI warns ransomware assault threatens US healthcare system

BOSTON (AP) — Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the United States (US) healthcare system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.

In a joint alert on Wednesday, the Federal Bureau of Investigation (FBI) and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers”. The alert said malicious groups are targetting the sector with attacks that produce “data theft and disruption of healthcare services”.

The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts said it has already hobbled at least five US hospitals this week, and could potentially impact hundreds more.

The offensive by a Russian-speaking criminal gang coincides with the US presidential election, although there is no immediate indication they were motivated by anything but profit. “We are experiencing the most significant cyber security threat we’ve ever seen in the United States,” Chief Technical Officer of the cybersecurity firm Mandiant Charles Carmakal said in a statement.

Hold Security CEO Alex Holden, whose organisation has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the US given its timing in the heat of a contentions presidential election and the worst global pandemic in a century.

The federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.

The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. US Cyber Command has also reportedly taken action against Trickbot. While Microsoft has had considerable success knocking its command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.

The US has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.

In September, a ransomware attack hobbled all 250 US facilities of the hospital chain Universal Health Services, forcing doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.

Also in September, the first known fatality related to ransomware occurred in Duesseldorf, Germany, when an IT system failure forced a critically ill patient to be routed to a hospital in another city.

Holden said he alerted federal law enforcement after monitoring infection attempts at a number of hospitals, some of which may have beaten back infections. The FBI did not immediately respond to a request for comment.

He said the group was demanding ransoms well above USD10 million per target and that criminals involved on the dark web were discussing plans to try to infect more than 400 hospitals, clinics and other medical facilities.