As if the rampant underfunding and overcrowding weren’t enough for hospitals to deal with during the current pandemic, apparently they need to grapple with ransomware, too. In an advisory memo released last night, federal officials warned of an “increased and imminent cybercrime threat” to hospitals and healthcare providers across the country.
The memo, which was a joint effort between the U.S. Federal Bureau of Investigation, the U.S. Department of Health and Human Services, and the U.S. Cybersecurity and Infrastructure Security Agency, does not share why exactly hospitals — which have long been a popular target for cybercriminals — are at increased risk now, though it does plainly state that the attacks are intended for financial gain. With the U.S.’s Covid numbers hitting record highs as the weather turns cold, the timing is inopportune, to put it lightly.
Per the notice, one of the ways bad actors weave their way into a hospital’s IT systems is through Trickbot, a particularly nasty trojan that specialises in hijacking web browsers and pulling their credentials, and then using the infected machines as part of a botnet. Earlier this month, Microsoft disabled command and control servers behind Trickbot, which the company estimated took around 1 million infected machines out of action.
These trojans can be used in conjunction with a popular strain of ransomware called Ryuk that’s built to hold entire networks hostage via encryption until the owner of said network coughs up some cash. In the past, we’ve seen city officials, oil companies, and multiple hospitals get held up for hundreds of thousands of dollars at a time. Earlier this year, cybersecurity analysts estimated that the demands of the average Ryuk attack spiked to roughly $US1.3 ($2) million apiece.
A doctor at one of the recently besieged hospitals told Reuters that their facility was forced to shift its operations to pen-and-paper following an attack. While that might suffice for basic day-to-day monitoring, the doctor explained that this analogue approach didn’t allow them to update the patient files that they had on hand. Keeping these records updated and available is important during normal times; during a pandemic it’s crucial.
Even if these hospitals can afford it, the agencies don’t recommend paying off these ransoms. “Payment does not guarantee files will be recovered,” the notice explains. “It may also embolden adversaries to target additional organisations, encourage other criminal actors to engage in the distribution of ransomware, and/or fund illicit activities.”
Instead, the best advice these agencies offer hospitals is the same advice any cybersecurity-minded person might give: keep your systems up to date, change passwords often, use multi-factor authentication, regularly back up your data, make local, offline copies of that data if you can, and teach yourself how to suss out what the average phishing scam looks like.