Lives Are At Stake As More US Hospitals Are Hacked

 US government agencies have warned that hospitals across the US have been hit by an aggressive ransomware campaign originating from N. Korea since 2021. 

The number of ransomware attacks on US healthcare organisations has increased by 94% from 2021 to 2022, according to a report from leading cyber security firm Sophos.

Some ransomware gangs pledged to not target medical facilities during the COVID-19 pandemic, but hospitals are still getting hit. Vitally, these attacks don't just affect  IT systems.

Ransomware attacks, in which criminal hackers encrypt computer networks and demand payment to make them functional again, have been a growing concern for both the private and public sector since the 90s. But they can be particularly devastating in the healthcare industry, where even a few minutes of downtime can have deadly consequences and have become ominously frequent.

Ransomware attacks on healthcare are particularly common in the US, with 41% of such attacks globally having been carried out against US-based firms in 2021. “The current outlook is terrible,” said Israel Barak, CISO of Cybereason. “We are seeing the industry experience an extremely sharp increase in both the quantity and level of sophistication of these attacks.”

Ransomware attacks have caused major healthcare disruptions, including delayed chemotherapy treatments and ambulances being diverted after computer systems were frozen. In 2021, a lawsuit filed by the mother of a baby who died in Alabama was the first “death by ransomware”, blaming a 2019 hack of a hospital for fatal brain damage of the newborn after heart rate monitors failed.

The potentially devastating consequences for medical facilities may be one of the reasons hackers have identified them as a high-profile target. 

The Cybersecurity and Infrastructure Security Agency (CISA) advise hospitals against paying ransoms, but providers often feel they have no choice. In 2021, 61% of healthcare organisations that suffered a ransomware attack paid the ransom, the highest percentage of any industry sector. “The North Korean state-sponsored cyber actors likely assume healthcare organisations are willing to pay ransoms because these organisations provide services that are critical to human life and health,” according to Barak. “When lives are at stake, it makes the decision very easy,” Barak said. “These attackers have identified medical organisations as very, very good targets because they are more likely to pay.” he said.

Attacks are typically carried out by private groups of criminals. In the third quarter of 2021, 30% of ransomware attacks on healthcare entities were carried out by Conti, a crime syndicate thought to be based in Russia, according to an industry report from cyber security firm BreachQuest. However, the recent incidents attributed to N Korea are just the latest state actor to orchestrate ransomware attacks on healthcare organisations.

The healthcare industry has been hit by a perfect storm of factors that have escalated the ransomware problem, with patient information is increasingly being digitised as hospitals struggle with small internet security budgets.

In 2009, the Obama administration passed a bill requiring all public and private healthcare providers to adopt electronic medical records by 2014, resulting in a massive migration of paper patient records to online systems. Today, just 4-7% of the average healthcare provider’s annual IT budget is focused on cyber security, the BreachQuest study said. The move was accelerated by the pandemic, he added, as more providers shifted online to connect with patients during lockdown and hospital staff were stretched thin by the influx of very ill  patients.

CISA has advised a “3-2-1 backup approach” for healthcare entities, including saving three copies of each type of data in two different formats, including one offline. But the CISA advisory to hospitals is “somewhat unhelpful”, said Vincent Berk, chief security officer at the cyber security firm Quantum Xchange, offering generic recommendations about securing data with little clear path to doing so. “The issue with this attack, and any other ransomware attack, is that the cure doesn’t really exist,” he said. “In other words, if it happens, it is already too late.” he said.

Sophos:     NBC:     Guardian:    ISC2:     CBS:     Techtarget:     AHA Innovation:    

You Might Also Read: 

Cyber Attack On US Children's Hospital:

 

« FBI Issues A Warning To Users Of Crypto Currency Apps
Magecart Attacks Hit Hundreds Of US Restaurants »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Global Digital Forensics (GDF)

Global Digital Forensics (GDF)

GDF specialise in Digital Forensics and e-Discovery. Other services include Data Breach Response and Cyber Security.

EuroISPA

EuroISPA

EuroISPA is a pan European association of European Internet Services Providers Associations and the world’s largest association of ISPs.

Joe Security

Joe Security

Joe Security specializes in the development of automated malware analysis systems for malware detection and forensics.

PrimeKey

PrimeKey

PrimeKey provides organisations with the ability to implement security solutions such as e-ID, e-Passports, authentication, digital signatures, unified digital identities and validation.

Semperis

Semperis

Semperis is an enterprise identity protection company that enables organizations to quickly recover from accidental or malicious changes and disasters that compromise Active Directory.

Xage Security

Xage Security

Xage is the world’s first blockchain-protected security platform for Industrial IoT.

CIO Dive

CIO Dive

CIO Dive provides news and analysis for IT executives in areas including IT strategy, cloud computing, cyber security, big data, AI, software, infrastructure, dev ops and more.

Verifi

Verifi

Verifi is an award-winning provider of end-to-end payment protection and risk management solutions.

KeyXentic

KeyXentic

KeyXentic Inc. is a professional mobile and data security service provider. We are devoted to design convenient and strong security for user’s data protection and privacy without any compromise.

DeepView

DeepView

DeepView delivers a unified platform for managing risk on digital platforms. One interactive secure portal allowing employees to engage their networks securely and compliantly.

E2E Technologies

E2E Technologies

E2E Technologies are a proactive, SLA-beating, managed service provider that busts the common stereotypes surrounding IT.

Cheops Technology

Cheops Technology

Cheops is a specialist in IT Business Technology Services. We help SMEs and large companies build, optimize and manage their IT so they can focus on their core business.

Intigriti

Intigriti

Intigriti helps companies protect themselves from cybercrime. Our community of ethical hackers provides continuous, realistic security testing to protect our customer’s assets and brand.

Digital Edge

Digital Edge

Digital Edge provides unparalleled Managed Cloud Solutions, as well as superior Information Technology Support Services.

Intel Ignite

Intel Ignite

Intel Ignite is an internationally renowned acceleration program for early-stage deep tech startups.

Bearer

Bearer

Bearer helps modern teams ship trustworthy products with the help of our code security solution built for security, privacy and engineering teams.