The Federal Bureau of Investigation and other federal agencies are warning of a growing cybersecurity threat against hospitals as the coronavirus pandemic continues to worsen in the United States. Already, dozens of hospitals have been hit by ransomware attacks and left figuratively "unplugged."
The FBI, the Department of Health and Human Services, and the Cybersecurity and Infrastructure Security Agency warned of a new trend of cyber attacks against hospitals in a Joint Cybersecurity Advisory issued on Wednesday. The threat comes explicitly from TrickBot; a massive Russian botnet recently dealt a considerable blow by Microsoft
"The cybercriminal enterprise behind TrickBot, which is likely also the creator of BazarLoader malware, has continued to develop new functionality and tools, increasing the ease, speed, and profitability of victimization." The advisory warns.
Like previous attacks that have targeted everything from oil companies to local politicians, the malware is typically introduced through phishing. Official looking emails from the criminals behind TrickBot will often contain links to websites where the malware is hosted, or sometimes malware is attached to the email itself. Once installed, TrickBot gives unprecedented access to the infected machine, which Microsoft believed was part of a "malware-as-a-service" scheme to sell access to infected machines.
Already, dozens of hospitals have been hit by ransomware attacks. An anonymous doctor spoke to Reuters to detail the after-effects of such an attack, which resulted in his facility being forced to resort to pen and paper after its computer systems were locked down.
"We can still watch vitals and getting imaging done, but all results are being communicated via paper only," the doctor said.
Hospitals are already dealing with overcrowding and a lack of necessary supplies; at the height of the pandemic, it was depressingly common to see photos and videos of packed hospitals with patients on beds in hallways and weary medical staff being forced to don improvised protective gear amid shortages. The addition of ransomware attacks crippling automation and data sharing is only making a bad situation worse.
Authorities are advising health facilities to ensure auxiliary systems are in working order and that all data is adequately backed up offline and keep up on awareness training to help staff lookout for phishing attempts, which can stop a ransomware attack from happening at all.
- 1. https://us-cert.cisa.gov/sites/default/files/publications/AA20-302A_Ransomware%20_Activity_Targeting_the_Healthcare_and_Public_Health_Sector.pdf
- 2. https://www.reuters.com/article/us-usa-healthcare-cyber-idUSKBN27D35U
- 3. https://www.vox.com/recode/2020/10/29/21540039/hospital-ransomware-coronavirus-hacking-ryuk-malware
- 4. https://www.forbes.com/sites/waynerash/2020/10/29/ransomware-group-targets-hospitals-at-height-of-pandemic/
- 5. https://www.pws.io/microsoft-delivers-blow-to-russian-botnet
