The FBI, the Department of Health and Human Services (HHS), and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency have warned U.S. hospital administrators about a series of cyberattacks targeting hospitals, clinics, and medical complexes. In these ransomware attacks, hackers take the facilities offline and hold their data hostage in exchange for multimillion-dollar payments.
While officials did not specify the affected hospitals, Sonoma Valley Hospital in California, St. Lawrence Health System in New York, and Sky Lakes Medical Center in Oregon have reported recent breaches. These are linked to attacks in September against Universal Health Services, a network of more than 400 hospitals. The intrusions shut down computer systems, diverted ambulances, froze EHRs, and delayed surgeries, according to hospital representatives, who added that critical patient care was not affected.
The current campaign of attacks, which comes as coronavirus cases spike across the country, are believed to be carried out by the same Moscow- and St. Petersburg-based hackers behind TrickBot, a conduit for ransomware attacks. In September, the U.S. Cyber Command and Microsoft began dismantling TrickBot’s online infrastructure to avoid disruptions to the U.S. presidential election. However, these efforts had the unintended consequence of cutting off access to the hackers, and given the more recent attacks on American hospitals, did little to deter the cybercriminals.