Tale of Woe - Healthcare Sector in Ransomware Troubles

In the space of a couple of weeks, the healthcare sector in the U.S. has fallen victim to a series of ransomware attacks. This came after the FBI issued an alert warning of an imminent increase in ransomware attacks against hospitals.

The alert

The FBI, DHS, and Health and Human Services issued a joint alert against the threat of ransomware and other attacks against the healthcare sector.
  • The advisory states that the healthcare and public sectors are being targeted by TrickBot malware.
  • This targeting leads to ransomware attacks, data theft, and disruption of services.
  • The advisory was further updated to include information on Conti and BazarLoader, apart from TrickBot. 

Notable attacks

Just last week, at least 5 hospitals in the U.S. were crippled by ransomware attacks. 
  • The University of Vermont Health Network is the latest victim, where the attackers have targeted 6 hospitals in Vermont and New York, leading to a disruption of computer networks.
  • Before that, hospitals in New York and Oregon were targeted, crippling systems and forcing ambulances to reroute.
  • Last month, numerous Universal Health Services hospitals were hit by the Ryuk ransomware and they were left without access to phone and computer systems. 

Who’s to blame?

  • A Russia-based threat actor is laying the foundation for at least 10 more attacks, as per research by Prevailion.
  • The hacking group is known as Wizard Spider or UNC1878 and has hit at least 9 hospitals in New Jersey, Florida, Georgia, Texas, Arkansas, and Massachusetts.

Latest developments

  • As per a report published by Mandiant, the malware families Kegtap/BEERBOT, Winekey/CORKBOT, and Singlemalt/STILLBOT are being used to gain a foothold in the target network and deliver Ryuk. These families are mainly targeting medical centers, hospitals, and retirement communities.
  • These malware families are variants of BazarLoader and are used to download pentesting frameworks, such as PowerTrick, Cobalt Strike, and Beacon.

Some stats your way

  • In October, the healthcare sector bore the brunt of the attacks, with an increase of 71% compared to September.
  • Of all the attacks against the healthcare sector, Ryuk accounted for 75%.

What does this imply?

  • The increasing success of these attacks points to the lack of adaptability on the part of the stakeholders. 
  • The government, vendors, and organizations have failed to address these pressing cybersecurity issues.
  • Moreover, the lack of consequence for threat actors has proven to be a big motivator. They mostly get away with easy profits and continue targeting vulnerable networks.

How to deal with these threats?

  • Adopt best practices related to fortifying computer networks.
  • Inform and train end users about ransomware attacks.
  • Report suspicious activities and take proper mitigation measures.

Nuts and bolts

Cyberattacks are part of a harrowing reality. Threat actors have become immensely skilled at taking advantage of the stress healthcare organizations are under. Patient security is under threat. For instance, a couple of months back, a patient seeking emergency treatment died after a ransomware attack incapacitated the hospital’s systems. Thus, the healthcare sector is in dire need of proper cybersecurity measures to protect patient lives and data.