Already exhausted by the Covid-19 pandemic, American hospitals are facing a new threat: ransomware. The American authorities issued an alert bulletin on Wednesday, October 28, warning them of a wave of attacks “Imminent”, while many of them are already grappling with these viruses which, encrypting the data of the computer systems they infect, render them unusable. A ransom is then demanded by the hackers to unblock the situation, or prevent the publication of sensitive data.
An “imminent” danger
In their alert bulletin, the Department of Homeland Security, the Department of Health and the FBI claim to have “Credible information on an imminent and heightened cybercrime threat targeting the health sector”. The authorities fear “Data theft and disruption of healthcare services”.
What prompted the authorities to alert is not entirely clear. But several experts closely following ransomware activity, quoted in the American press, have largely confirmed these concerns, deeming this threat serious and unprecedented. A group of criminals could plan to attack nearly 400 establishments, according to information gleaned by Hold Security, a specialized company.
“Ransomware attacks on American hospitals during a pandemic are possibly the most dangerous cyberattacks to ever target the United States. This problem is out of control, and people are going to suffer ” alerted on his Twitter account John Hultquist, head of intelligence at the American specialist firm FireEye.
The alert was followed by a teleconference in which authorities urged hospitals to check backups, disconnect devices from the Internet as much as possible and not use personal email accounts on the hospital network.
Several attacks in progress
Advice arrived too late for some hospitals. Several American health establishments have seen their functioning disrupted by computer attacks in the past few hours. This is particularly the case with Sky Lakes Medical Center in Oregon, where “Communications [sont] complicated ” according to a press release published by the establishment.
The hospitals of Canton-Potsdam, Massena and Gouverneur, cities in New York State, had to disconnect part of their computer systems, and some ambulances had to be diverted to other establishments. A network of hospitals in Vermont has also seen its computer operation be affected, without there being any official question of ransomware. Ridgeview Medical Center in Minnesota was also attacked, as was Sonoma Valley Hospital in California.
The situation is also closely monitored by the Canadian authorities, according to which the country’s hospitals are also targeted, according to Radio Canada. The Jewish general hospital in Montreal would also be disrupted.
A doctor working at a hospital hit by an attack and interviewed by Reuters news agency said some vital functions, such as digital transmission of test results, were impossible. “The events in progress can cause deaths, perhaps in several hospitals” was alarmed Charles Carmakal, the technical director of Mandiant, a company specializing in the analysis of cyber attacks, which raised the alarm about hospitals.
According to experts and US authorities, this wave of infection seems to be spreading through the network of hacked computers Trickbot. The latter was however partially dismembered, not long ago, by an operation led by Microsoft and the US military.
Hackers use this network of bot machines to insert particularly virulent ransomware called Ryuk into their victims’ computer networks. This is the one who had already targeted the American hospital group Universal Health Services, at the end of September, causing significant damage and seriously disrupting the functioning of this heavy weight of health in the United States. It was also him who attacked last week the computer network of the digital services company Sopra Steria.
Little is known about the hackers behind this ransomware. Experts suspect this gang to be established in Eastern Europe or Russia. They are, in any case, the pirates “Among the most shameless, cruel and disruptive I have ever encountered in my career” Mandiant’s Charles Carmakal told Reuters.