Hospitals across the US have been hit by a wave of ransomware attacks, disrupting their computer systems and forcing them to turn away ambulances

Aaron Holmes
  • Cybercriminals are targeting hospitals across the US with ransomware that aims to disrupt computer systems and delay medical care, the FBI said in a warning Wednesday night.

  • The attacks aim to extort hospitals by demanding a ransom payment to restore their computer systems, preying on the urgency of medical care as COVID-19 cases spike across the country.

  • At least 5 hospitals in New York, Oregon, and Minnesota reported that their systems were affected by ransomware this week.

  • The FBI is advising hospitals to back up their files and take as many of their computer systems offline as possible while the attacks are being investigated.


Hospitals across the US are being targeted by cybercriminals using ransomware to take their computer systems offline and extort them, the FBI warned in an advisory issued Wednesday night.

At least five hospitals in New York, Oregon, and Minnesota reported that their systems were affected by ransomware this week, causing delays in patient care and forcing some hospitals to turn away ambulances while they recovered from the attacks.

The new wave comes amid a spike of ransomware attacks that federal authorities and security experts are scrambling to stay on top of. Ransomware attacks have risen by 50% over the past three months, Ekram Ahmed, a spokesperson for the security firm Check Point, said in a statement to Business Insider. During that time, the percentage of healthcare organizations targeted by ransomware rose from 2.3% to 4%.

Three hospitals in upstate New York run by St. Lawrence Health Systems were forced to divert ambulances and start using pen and paper for documentation after their computer systems were crippled by the ransomware. A spokesperson for the hospital system told the Watertown Daily Times that no patient data was compromised.

Other affected hospital systems include Sky Lakes Medical Center in Oregon, which disclosed the attack in an online statement, and Ridgeview Medical Center in Minnesota, which told local news outlets that it was investigating unidentified network activity.

The attacks are being carried out using two malware strains known as Ryuk and Trickbot, according to the FBI notice, which was co-authored by the Department of Homeland Security and the Department of Health and Human Services. Both strains have been used by hackers for years, but have recently been refined to evade security defenses, according to Adam Meyers, SVP of intelligence at the security firm CrowdStrike.

"The recent Ryuk attacks on US-based hospital systems indicate the continued proliferation and evolution of ransomware," Meyers told Business Insider. "We have also witnessed a disturbing trend ... in which adversaries are moving beyond encrypting files to exfiltrating data and threatening to release it if demands are not met."

The latest wave of attacks follows a massive ransomware strike that paralyzed the United Health Services hospital chain in September, disrupting patient care at more than 250 hospitals across the US. It took UHS more than two weeks to restore its networks to normal operations.

At least 62 healthcare providers in the US have been impacted by ransomware attacks so far in 2020, potentially disrupting patient care at more than 200 individual facilities, Brett Callow, an analyst with cybersecurity firm Emsisoft, told Business Insider.

The FBI is advising hospitals to back up their files, warn employees not to open emails sent from addresses they don't recognize, and take as many of their computer systems offline as possible. Hospitals should be willing to take steps that may cost them some functionality while the ransomware attacks are being investigated, said Sam Curry, CSO of the security firm Cybereason.

"Taking this issue seriously means making the tough choice between losing some functionality pro-actively by disconnecting some systems as opposed to running a chance of losing all functionality if targeted," Curry said in a statement to Business Insider. "It's time to practice cyber hygiene alongside medical hygiene."

Read the original article on Business Insider