As cases surge amidst an ongoing pandemic, hospitals face another crisis: ransomware. Dozens of hospitals have been targeted over the past few days and, in September, the RYUK ransomware strain impacted the IT systems of all 250 U.S. Universal Health Services facilities1. Employees described chaotic conditions in which medical professionals resorted to pen and paper for record-keeping.
Losing access to medical data and applications in a modern healthcare setting can have severe financial and potentially life-threatening consequences. In June, the University of California, San Francisco paid over $1.14M to attackers2. In September, a German woman seeking treatment died after a hospital was forced to reroute her due to a ransomware attack.3
Specifically Targeting Healthcare
In late October 2020, the FBI warned that ransomware is “an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”4 The warning, combined with the ongoing attacks, means that healthcare systems must take timely and reasonable precautions to protect their networks.
Most of these recent attacks on healthcare organizations reportedly stem from a series of Russian cybercriminals who hold a list of over 400 potential healthcare targets, according to Hold Security.5
Underlying Technology and Methods
During this wave of ransomware attacks, the RYUK strain of malware has emerged as a primary vehicle to target healthcare environments. The initial compromise is generally achieved with malware that is typically distributed via phishing emails. That malware helps establish a covert command-and-control channel into the compromised network.