As hospitals face a surge in patients and critical equipment shortages stemming from the coronavirus pandemic, they are increasingly becoming the target of hackers who see health care facilities as easy prey.
Ransomware attacks, in which hackers lock up a network and demand payment to return access to these systems, have presented a growing threat to hospitals since January.
Experts are warning that they expect these attacks to increase, and the threat has captured the attention of top intelligence lawmakers, who warn that the outbreak and the ransomware attacks create the perfect storm.
“A major policy focus of mine before the onset of this health emergency was the cybersecurity posture of the health care sector, where we often found major hospital systems ill-equipped to handle ransomware incidents and data breaches,” Sen. Mark Warner (D-Va.), the vice chairman of the Senate Intelligence Committee, told The Hill in a statement.
“COVID-19 has only made that situation worse, with increased attacks and hospital resources stretched perilously thin,” Warner added.
Sen. Michael Bennet (D-Colo.), who expressed concerns following attacks on health agencies including the Department of Health and Human Services last month, told The Hill that he could see the Department of Homeland Security (DHS) having a role to play in protecting hospitals from cyberattacks.
“The administration must ensure DHS is rapidly compiling information on recent cyber activity and intrusions, developing and sharing best practices for protecting networks, and providing assistance to vulnerable and critical entities,” Bennet said.
The threat of such cyberattacks is not fixed in one country. INTERPOL, an international police organization, issued a warning last month to its 194 member countries.
INTERPOL’s Cybercrime Threat Response team said in a press release that it “has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”
“Cybercriminals are using ransomware to hold hospitals and medical services digitally hostage; preventing them from accessing vital files and systems until a ransom is paid,” the organization warned.
Some early victims appeared last month, with reports surfacing that a public health district in Illinois paid hackers a hefty ransom after facing a ransomware attack. The cost to regain access to its data totaled $350,000.
And a hospital in the Czech Republic, which is providing coronavirus testing, also experienced disruptions last month following a cyberattack. The Czech Republic’s cybersecurity agency warned in an alert Friday that it is “highly probable” that more hackers will continue targeting health care agencies in the country “in the coming days.”
Experts have also pointed to attacks in the United Kingdom and other parts of Europe. André Pienaar, founder of venture capital firm C5 Capital, told Forbes earlier this month that his company had linked some of the ransomware attacks against health care facilities in the U.K. and Europe to an organized crime group that uses Maze, a type of ransomware. His company has teamed up with other cyber firms to provide free help to hospitals targeted in Europe.
While attacks that prey on the sick and vulnerable are not new, the increase comes at a time when health care systems are scrambling to save lives.
Matt Gyde, CEO of NTT Ltd.’s Security Division, told The Hill that his team has started seeing a trend of ransomware threats against senior executives of hospitals and their families.
“We consistently see attacks happening on hospital infrastructure, but definitely over the last six weeks we have seen an uptick in attacks compared to what we have seen in the past,” Gyde said.
Marc Rogers, the executive director of cybersecurity at software group Okta, told The Hill that it was “disappointing” that hackers were targeting vulnerable hospitals.
Rogers is one of the leaders of the COVID-19 CTI League, which is made up of more than 1,000 information security professionals worldwide. Their goal is to thwart cyberattacks on hospitals and other critically important institutions.
The League has successfully identified more than 2,000 cyber vulnerabilities at high-risk organizations like hospitals, and works hand-in-hand with law enforcement to ensure the vulnerabilities are addressed as quickly as possible.
Rogers said hackers see the current stress placed on hospitals as a “gold rush.”
“People are going completely nuts, some of the ransomware incidents that I’ve heard of, people are asking for seven or eight figures to release the data, and in some cases hospitals simply cannot afford to pay,” Rogers said.
While there have not been any wide-ranging ransomware attacks that have significantly halted multiple health care agencies, such attacks have happened before.
In 2017, the North Korea-backed “WannaCry 2.0” ransomware virus locked up more than 300,000 computer systems worldwide, and harmed about 8 percent of the United Kingdom’s health care groups after it hit the National Health Service (NHS). It ultimately cost the NHS an estimated $112 million to recover.
“Something like that happening now would be catastrophic,” Rogers said.
Hospitals are not alone. Both state and local governments as well as school districts have faced ransomware attacks. But the private sector and other security groups have recognized the threat facing hospitals as the coronavirus wreaks havoc across the globe.
Multiple software and cybersecurity groups, including Microsoft, are offering free cybersecurity services to hospitals and other health groups. The company announced earlier this week it would offer its AccountGuard service, which boosts email security, to both health care and human rights organizations free of charge until the end of the coronavirus pandemic.
Gyde said NTT Ltd., a technology company, is also offering some hospitals free cyber incident response services after multiple health care organizations reached out to them to help in defending against cyberattacks.
Tom Burt, the corporate vice president of customer security and trust at Microsoft, told The Hill that Microsoft had seen increases in both ransomware attacks on hospitals and in malicious emails around the pandemic.
“We have observed cybercriminals and nation-states using COVID-19 ‘lures’ as the hook in their phishing campaigns,” Burt said. “We have seen a modest increase in cybercriminal ransomware attacks on hospitals. That said, hospitals have been an attractive ransomware target for cybercriminals for some time.”
Rogers noted that the level of attacks seen is something he would describe as “World War Cyber.”
“If you are a ransomware person who is willing to target an old age person to steal their life savings, you probably have the right morals to go hold a hospital to ransom too,” Rogers said. “These guys are not really nice people.”