6 hospital ransomware attacks in 24 hours prompts US advisory: 8 things to know

Ryuk ransomware hit at least six U.S. hospitals in 24 hours this week, prompting the federal government to warn healthcare providers about the threat, according to The Washington Post.

Eight things to know:

1. The ransomware attacks began on Oct. 26 and have hit hospitals from New York to California. The FBI, the HHS and the Cyber Security and Infrastructure Security Agency under the Department of Homeland Security said there was "credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers" in their Oct. 28 joint advisory.

2. The federal government did not release the names of the hospitals, but Klamath Falls, Ore.-based Sky Lakes Medical Center and St. Lawrence Health System in Upstate New York self-identified as victims of ransomware attacks Oct. 27.

3. The New York Times reported that a list of more than 400 targeted hospitals has been circulating among the Russian hackers, who claimed to have infected more than 30 hospitals on the list already.

4. The ransomware is often distributed by Trickbot, according to the article. In recent weeks, Microsoft reported taking down Trickbot servers through federal court orders with the goal of preempting ransomware attacks, but the Trickbot infrastructure has since changed.

5. The hackers have demanded more than $1 million from the unnamed hospitals and in one instance demanded the equivalent of $5 million in Bitcoin from a private clinic. The hackers are known to set the ransom at 10 percent of the organization's annual income, according to The Times.

6. Some hospitals have paid the ransom to unlock their systems, according to The Post.

7. The federal government told hospitals and healthcare providers to boost protection networks, ensure software updates are made, back up data and monitor access to their systems closely, according to NPR.

8. Hospitals typically take their IT systems offline when ransomware is identified and revert to downtime protocols, which include paper records. In some instances, hospitals have diverted ambulances during the downtime and postponed elective procedures and services.

To learn more about Ryuk and ransomware mitigation steps, click here.

More articles on cybersecurity:
Hospital CISOs to meet, prep for 'long war' against cyberattacks
10 healthcare malware, ransomware and phishing incidents this month
Cyberattacks are shutting down hospital IT networks: 8 recent incidents

 

© Copyright ASC COMMUNICATIONS 2020. Interested in LINKING to or REPRINTING this content? View our policies by clicking here.