In the space of a couple of weeks, the healthcare sector in the U.S. has fallen victim to a series of ransomware attacks. This came after the FBI issued an alert regarding the imminent increase in ransomware attacks against hospitals.
The FBI, DHS, and Health and Human Services issued a joint alert against the threat of ransomware and other attacks against the healthcare sector.
- The advisory states that the healthcare and public sectors are being targeted by TrickBot malware.
- This targeting leads to ransomware attacks, data theft, and disruption of services.
- The advisory was further updated to include information on Conti and BazarLoader, in addition to TrickBot.
Just last week, at least 5 hospitals in the U.S. were crippled by ransomware attacks.
- The University of Vermont Health Network is the latest victim, where the attackers have targeted 6 hospitals in Vermont and New York, leading to a disruption of computer networks.
- Before that, hospitals in New York and Oregon were targeted, crippling systems and forcing ambulances to reroute.
- Last month, numerous Universal Health Services hospitals were hit by the Ryuk ransomware and left without access to phone and computer systems.
Who’s to blame?
- A Russia-based threat actor is laying the foundation for at least 10 more attacks, as per research by Prevailion.
- The hacking group is known as Wizard Spider or UNC1878 and has hit at least 9 hospitals in New Jersey, Florida, Georgia, Texas, Arkansas, and Massachusetts.
- As per a report published by Mandiant, the malware families Kegtap/BEERBOT, Winekey/CORKBOT, and Singlemalt/STILLBOT are being used to gain a foothold in the target network and deliver Ryuk. These families are mainly targeting medical centers, hospitals, and retirement communities.
- These malware families are variants of BazarLoader and are used to download pentesting frameworks, such as Powertrick, Cobalt Strike, and Beacon.
Some stats your way
- In October, the healthcare sector bore the brunt of the attacks, with an increase of 71% compared to September.
- Ryuk accounted for 75% of all the attacks against the healthcare sector.
What does this imply?
- The increasing success of these attacks points to the lack of adaptability on the part of the stakeholders.
- The government, vendors, and organizations have failed to address these pressing cybersecurity issues.
- Moreover, the lack of consequences for threat actors has proven to be a big motivator. They mostly get away with easy profits and continue targeting vulnerable networks.
How to deal with these threats?
- Adopt best practices related to fortifying computer networks.
- Inform and train end users about ransomware attacks.
- Report suspicious activities and take proper mitigation measures.
Nuts and bolts
Cyberattacks are part of a harrowing reality. Threat actors have become immensely skilled in taking advantage of the stress healthcare organizations are under. Patient security is under threat. For instance, a couple of months back, a patient seeking emergency treatment died after a ransomware attack incapacitated the hospital’s systems. Thus, the healthcare sector is in dire need of proper cybersecurity measures to protect patient lives and data.