قالب وردپرس درنا توس
Home / US / FBI warns that ransomware attacks threaten U.S. healthcare system

FBI warns that ransomware attacks threaten U.S. healthcare system



Boston (Associated Press)-Federal agencies warn that cybercriminals may launch a wave of data chaotic blackmail attempts Efforts against the U.S. health care system, if successful, could paralyze hospital information systems, just like COVID-19 cases nationwide.

In a joint alert on Wednesday, the FBI and two federal agencies stated that they already have reliable information about the “increasing threat of cybercrime” to American hospitals and healthcare providers. The alert stated that malicious groups are targeting “data theft and interruption of medical services”

;.

However, it is difficult to assess the impact of the expected attack wave.

It involves a specific type of ransomware that scrambles the target’s data into garbled characters until they are paid. Previous such attacks on medical facilities have hindered medical services, and in one case in Germany, this resulted in the death of patients. But such consequences are still rare.

The federal warning itself can help avoid the most serious consequences by getting hospitals to take further preventive measures or stepping up efforts to combat the systems cybercriminals use to launch such attacks.

Although it did not immediately indicate that the cybercriminals involved were motivated for profit, the offensive coincided with the US presidential election. The federal alert is co-authored by the Department of Homeland Security and the Department of Health and Human Services.

Independent security experts say that the ransomware called Ryuk has affected at least five U.S. hospitals this week, and may affect hundreds. According to reports, four medical institutions have been attacked by ransomware so far this week, three of which belong to the St. Lawrence Health System in upstate New York, as is the Sky Lake Medical Center in Klamath Falls, Oregon.

Sky Lakes said in an online statement that it has no evidence that patient information was compromised and that “emergency and urgent care” is still available. The St. Lawrence System said Thursday that no patient or employee data appeared to have been accessed or leaked. Matthew Denner, director of emergency services in St. Lawrence County, told the Adirondack Daily that the hospital owner instructed the county to transfer two ambulances from the affected hospitals for several hours on Tuesday when the attack occurred. Neither Denner nor the company responded to requests for comment on this report.

Hold Security CEO Alex Holden, who has been following Ryuk closely for more than a year, said that the wave of attacks on the United States may be unprecedented in scale. Charles Carmakal, chief technology officer of security company Mandiant, said in a statement that cyber threats are “in the history of the country”. The most important” threat.

In the past 18 months or so, the United States has been hit hard by ransomware, major cities from Baltimore to Atlanta have been hit, and the bankruptcy of local governments and schools is particularly difficult.

In September, ransomware attacks paralyzed 250 companies across the United States Universal Health Services, a chain of hospitals, forced doctors and nurses to rely on paper and pen for records and slow laboratory work. Employees described the chaotic conditions that hindered patient care, including increased waiting times in the emergency room and malfunctioning wireless vital signs monitoring equipment.

Also in September, the first known death related to ransomware It happened in Dusseldorf, Germany, when the IT system malfunctioned and the critically ill patient was transferred to a hospital in another city.

Holden said that the Russian-speaking organization behind the recent attack demanded a ransom of well over $10 million per target, and criminals involved in the dark web are discussing attempts to infect more than 400 hospitals, clinics and other medical facilities. plan.

Although no one has proven suspicious links between the Russian government and the gangs that use the Trickbot platform that distributes Ryuk and other malware, Holden said that he “has no doubt that the Russian government is aware of this action.” Microsoft has been since early October. Has been working to take Trickbot offline.

Dmitri Alperovitch, co-founder and former chief technology officer of the cybersecurity company Crowdstrike, said, “There must be many connections between Russian cybercriminals and the state,” and hackers hired by the Kremlin sometimes Appear as a cybercriminal.

Ransomware criminals are increasingly stealing data from their targets before encrypting the network and using it for blackmail. Brett Callow, an analyst at the cybersecurity company Emsisoft, said that they usually seed the malware a few weeks before launching it and wait a moment before they think they can withdraw the highest payment.

Callow said that by 2020, 59 U.S. healthcare providers or systems will be affected by ransomware, disrupting patient care in as many as 510 medical institutions.

Hospitals and clinics have been rapidly expanding the scope of data collection and adding Internet-enabled medical devices, many of which have poor security. At the same time, hospital administrators have been slow to update software, encrypt data, train cyber health personnel, and recruit security experts, making them vulnerable to cyber attacks.

Data security expert Larry Bonimont said that as hospitals responded to the coronavirus crisis, privacy and security protocols fell aside, leaving patients vulnerable to identity theft. “The bad guy smells the problem.”

Associated Press writers Michael Hill and New York City’s Marion Renault contributed to this report.


Source link