So should we be concerned?
Federal agencies warned that cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. health care system designed to lock up hospital information systems, which could hurt patient care just as nationwide cases of COVID-19 are spiking.
That seems concerning to us. Especially when we are getting news releases from the University of Vermont Health Care Network telling us they were affected.
In a joint alert Wednesday afternoon, the FBI and two federal agencies warned that they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and health care providers.” The alert said malicious groups are targeting the sector with attacks that produce “data theft and disruption of health care services.”
In Vermont, the statement from the hospital network was: “The Network is investigating all possible causes, including a malicious cyberattack, and we do not currently have a timeline for when systems will be restored,” the statement reads, adding: “The outage has led to variable impact on each affiliate as to how patient care is delivered.”
The cyberattacks involve ransomware, which scrambles data into gibberish that can only be unlocked with software keys provided once targets pay up. Independent security experts say it has already hobbled at least five U.S. hospitals this week, and could potentially impact hundreds more.
The offensive by a Russian-speaking criminal gang coincides with the U.S. presidential election, although there is no immediate indication they were motivated by anything but profit. “We are experiencing the most significant cyber-security threat we’ve ever seen in the United States,” Charles Carmakal, chief technical officer of the cybersecurity firm Mandiant, said in a statement released Thursday.
According to the Associated Press, Alex Holden, CEO of Hold Security, which has been closely tracking the ransomware in question for more than a year, agreed that the unfolding offensive is unprecedented in magnitude for the United States given its timing in the heat of a contentions presidential election and the worst global pandemic in a century.
It is happening with greater frequency.
Nonprofits and colleges and universities across Vermont, as well as the Boy Scouts of America, informed donors this summer that they were on a growing list of entities affected by the ransomware attack.
In a recent regulatory filing, Blackbaud said further investigation showed that “for some of the notified customers, the cybercriminal might have accessed some unencrypted fields intended for bank-account information, Social Security numbers, usernames and/or passwords. In most cases, fields intended for sensitive information were encrypted and not accessible.”
Most colleges and universities stressed that its donor data affected by the breach did not include Social Security numbers or bank account or credit/debit card information. Instead, said details such as contact information, birth dates, family members and demographic data were likely to have been involved.
According to the notice, cybercriminals accessed data stored in various Blackbaud systems. Blackbaud agreed to pay the criminals to delete the information and says it “continues to closely monitor the situation.”
But this is a different beast altogether.
This most recent federal alert was co-authored by the Department of Homeland Security and the Department of Health and Human Services.
The cybercriminals launching the attacks use a strain of ransomware known as Ryuk, which is seeded through a network of zombie computers called Trickbot that Microsoft began trying to counter earlier in October. U.S. Cyber Command has also reportedly taken action against Trickbot. While Microsoft has had considerable success knocking its command-and-control servers offline through legal action, analysts say criminals have still been finding ways to spread Ryuk.
It is known that the U.S. has seen a plague of ransomware during the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.
A total of 59 U.S. health care providers/systems have been impacted by ransomware in 2020, disrupting patient care at up to 510 facilities.
That is too many. We need to be able to have trust and faith in the system.
— Barre-Montpelier Times Argus