Federal services warn hospitals and security researchers of rapidly increasing cyber threats targeting healthcare facilities in USA. In particular, the FBI, the US Department of Homeland Security (DHS), CISA and the Department of Health and Human Services have stated that hacker target the health sector by carrying out ransomware attacks, which can lead to data theft as well as disruption of healthcare services.
The services point out that hackers may use the Ryuk ransomware for financial gain. The warning from the FBI, CISA, DHS and the Department of Health and Human Services about ransomware threats comes at a time when cases as well as hospitalization of patients with COVID-19 have grown alarmingly in both the US and the rest of the world.
Cybersecurity company FireEye said several U.S. hospitals were hit by a "coordinated" ransomware attack, with at least three public hospitals confirming they were hit this week.
Ransomware is a type of computer virus that locks computers until the victim pays the ransom required to obtain a key. decryption. The attack was carried out by “UNC1878”, a hacking group linked to Eastern Europe and operating for financial gain. At least three hospitals have been severely affected by ransomware this week, and many hospitals have been affected in recent weeks. UNC1878 intends to target and develop ransomware in hundreds of other hospitals.
Many hospitals have already been significantly affected by ransomware threats such as Ryuk ransomware and networks have been disabled. Researchers say UNC1878 is one of the most dangerous threats they have seen in their careers.
Attackers using Trickbot Malware said this week it had attacked more than 400 hospitals in the United States, said Alex Holden, founder of cybersecurity company Hold Security.
Indicatively, the Health System of St. Lawrence in New York, Sonoma Valley Hospital in California and Sky Lakes Medical Center in Oregon said they were affected by ransomware attacks.
Ransomware typically launches email attacks that are presented as corporate communications and sometimes contain the victim or company name in the text or in the subject line, according to a FireEye report released this week. However, the e-mail may contain malicious Google Docs, usually in PDF format, that include a malware-referenced link. Using multiple links, as well as PDF files, can fool email filters designed to detect simpler tactics. Phishing.