Rising number of ransomware attacks target US hospitals

It’s been a tough year for hospitals – the COVID-19 pandemic has led to beds at full capacity, shortage of supplies, and overworked staff. On top of it all, hospitals are now facing a rising number of ransomware attacks targeting their systems for financial gain.

As reported by NPR, the concern over cyberattacks against hospitals has grown so severe that the Cybersecurity and Infrastructure Agency (CISA), Federal Bureau of Investigation (FBI), and Department of Health and Human Services (DHHS) issued a joint advisorywarning of “an imminent and increased cybercrime threat” and advising cybersecurity staff to prepare.

The attacks are believed to occur through phishing attacks, where emails either contain the malware as an attachment or include links to malicious websites.

“The agencies said hackers are using Ryuk ransomware,” reported NPR, “and the Trickbot network of infected computers to steal data, disrupt health care services and extort money from health care facilities.”

NPR spoke with Charles Carmakal, chief technology officer of cybersecurity firm Mandiant, who shared that during the pandemic many hackers have lessened their attacks on health systems due to the increased impact on lives. However, the recent attackers using Ryuk seem to be only focused on money.

“We are experiencing the most significant cybersecurity threat we've ever seen in the United States,” Carmakal told NPR. “One of most brazen, heartless and disruptive threat actors I've observed over my career.”

When hospital and other health care systems go down, they are forced to revert to paper records, which could result in far-reaching negative consequences.

With lives at stake, it’s key that cybersecurity professionals are able to anticipate, prevent, and respond to attacks. Giving in to the ransomware requests does not guarantee data will be returned and may end up encouraging future ransomware attacks.

In addition to ransomware, CISA warns the attacks may include credential harvesting, mail exfiltration, cryptomining, and point-of-sale data exfiltration.

Cybersecurity professionals are working to ensure that best practices are followed to fight the increased threats. This includes ensuring network security through applying operating system, software, and firmware updates; using multi-factor authentication; and identifying critical assets and ensuring they are backed up offline.

CISA recommends that cybersecurity professionals ensure that the end users are aware of threats and how they may be delivered. Having a plan of attack is also vital.

“Ensure that employees know who to contact when they see suspicious activity or when they believe they have been a victim of a cyberattack,” says CISA. “This will ensure that the proper established mitigation strategy can be employed quickly and efficiently.”

Want to learn about cybersecurity? View the full list of bachelor’s, master’s and doctorate degrees in cyber and information security. Many courses are available both on campus and online. To learn more about Capitol Tech’s degree programs, contact admissions@captechu.edu.