Amid recent reports of hackers targeting and blackmailing health care systems and even patients, the Federal Bureau of Investigation and other agencies have issued warning of “imminent” cyberattacks on more U.S. hospitals.
A new report released by the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security, noted that the FBI and the Department of Health & Human Services have “credible information of an increased and imminent cybercrime threat to U.S. hospitals and health care providers.”
The agencies are urging “timely and reasonable precautions” to protect health care networks from these threats.
As reported, hackers accessed patient records at Vastaamo, Finland’s largest private psychotherapy system, and emailed some patients last month demanding €200 in bitcoin or else personal health data would be released online.
In June, the University of California, San Francisco, experienced an information technology (IT) “security incident” that led to the payout of $1.14 million to individuals responsible for a malware attack in exchange for the return of data.
In addition, last week, Sky Lakes Medical Center in Klamath Falls, Ore., released a statement in which it said there had been a ransomware attack on its computer systems. Although “there is no evidence that patient information has been compromised,” some of its systems are still down.
“We’re open for business, it’s just not business as usual,” Tom Hottman, public information officer at Sky Lakes, said in an interview.
, Dollard Professor of Psychiatry, Medicine, and Law at Columbia University, New York, said in an interview, “People have known for a long time that there are nefarious actors out there.” He said all health care systems should be prepared to deal with these problems.
“In the face of a warning from the FBI, I’d say that’s even more important now,” Dr. Appelbaum added.
‘Malicious cyber actors’
In the new CISA report, the agency noted that it, the FBI, and the HHS have been assessing “malicious cyber actors” targeting health care systems with malware loaders such as TrickBot and BazarLoader, which often lead to data theft, ransomware attacks, and service disruptions.
“The cybercriminal enterprise behind TrickBot, which is likely also the creator of BazarLoader malware, has continued to develop new functionality and tools, increasing the ease, speed, and profitability of victimization,” the report authors wrote.
Phishing campaigns often contain attachments with malware or links to malicious websites. “Loaders start the infection chain by distributing the payload,” the report noted. A backdoor mechanism is then installed on the victim’s device.
In addition to TrickBot and BazarLoader (or BazarBackdoor), the report discussed other malicious tools, including Ryuk and Conti, which are types of ransomware that can infect systems for hackers’ financial gain.
“These issues will be particularly challenging for organizations within the COVID-19 pandemic; therefore, administrators will need to balance this risk when determining their cybersecurity investments,” the agencies wrote.
Dr. Appelbaum said his organization is taking the warning seriously.
“When the report first came out, I received emails from every system that I’m affiliated with warning about it and encouraging me as a member of the medical staff to take the usual prudent precautions,” such as not opening attachments or links from unknown sources, he said.
“The FBI warning has what seems like very reasonable advice, which is that every system should automatically back up their data off site in a separate system that’s differently accessible,” he added.
After a ransomware attack, the most recently entered information may not be backed up and could get lost, but “that’s a lot easier to deal with then losing access to all of your medical records,” said Dr. Appelbaum.
, medical director at the Institute for Technology and Psychiatry at McLean Hospital, Belmont, Mass., noted that, in answer to the FBI warning, he has heard that many centers, including his own, are warning their clinicians not to open any email attachments at this time.