University of Michigan Health public websites hit by pro-Russian cyberattack

Christina Hall, Detroit Free Press
·3 min read

University of Michigan Health experienced problems with its public websites Monday as a result of a cyberattack on a vendor, according to a statement from the hospital system.

The problems are among other reports of similar cyberattacks at hospital systems around the United States and in other countries that have agreed to provide tanks to Ukraine, which was invaded by Russia nearly a year ago.

“University of Michigan Health has been experiencing intermittent problems with its public websites as a result of a cyberattack on a third-party vendor we use to host some of our sites. We are working with the third party to mitigate it and expect to have our sites fully functional as soon as possible,” according to the statement from spokeswoman Mary Masson.

“Patients can still access the patient portal via myuofmhealth.org.”

By late afternoon, Masson said the problems were intermittent.

U-M patient portal appeared to escape hack

Free Press reporters tried to access the public websites for the University of Michigan Health and Mott Children’s Hospital Monday morning, but they wouldn’t load. Reporters saw messages that the sites couldn’t be reached. Another attempt showed a website with a plain page and links at the top.

The patient portal log-on page appeared to look and work normally.

“The only sites that have been attacked are public websites hosted by a third-party vendor,” Masson added. “None of the sites impacted contain patient information, and all patient information is safe.”

Cybersecurity tracker BetterCyber tweeted Monday that the hospital and health system websites were among several U.S. health care organization and hospital websites for which disturbed denial of service (DDoS) attacks were launched by the pro-Russian hacktivist group KillNet.

The U.S. Department of Health and Human Services Health Sector Cybersecurity Coordination Center last month warned U.S. health care and public health providers about hacktivist groups, including KillNet.

More:U-M cyberattack hits 33K patients

More:Hacking is a threat to all: What you can do to prevent it

Outages can last days, but tend not to cause major damage

It stated the pro-Russian hacktivist group, which had recently targeted a U.S. organization in the health care industry, was known to launch DDoS attacks that primarily target European countries perceived to be hostile to Russia. It also was known for such campaigns against countries supporting Ukraine, especially NATO countries, since the Russia-Ukraine war began last year, according to an analyst note last month.

Another analyst note published Monday stated the group, active since at least January 2022, “has targeted the U.S. health care industry in the past and is actively targeting the health and public health sector.” It added the group operates “multiple public channels aimed at recruitment and garnering attention from these attacks.”

The note states DDoS can cause thousands of connection requests and packets to be sent to the target or website per minute, slowing down or stopping vulnerable systems. The attacks “usually do not cause major damage, they can cause service outages lasting several hours or even days.”

More:War in Ukraine heightens risk of Russian cyberattacks in US, Michigan experts say

The note also stated that on Jan. 28 an alleged KillNet attack list for hospitals and medical organizations in several countries was found by users and publicly shared.

Free Press staff writer Kristen Jordan Shamus contributed to this report.

Contact Christina Hall: chall@freepress.com. Follow her on Twitter: @challreporter.

Support local journalism. Subscribe to the Free Press.

This article originally appeared on Detroit Free Press: U-M Health public websites hit by pro-Russian cyberattack