Play Live Radio
Next Up:
0:00
0:00
0:00 0:00
Available On Air Stations

U.S. Hospitals Targeted In Rising Wave Of Ransomware Attacks, Federal Agencies Say

U.S. federal agencies sent an alert Wednesday night that there is "credible information of an increased and imminent cybercrime threat" to hospitals and healthcare providers.
Nicolas Asfouri
/
AFP via Getty Images
U.S. federal agencies sent an alert Wednesday night that there is "credible information of an increased and imminent cybercrime threat" to hospitals and healthcare providers.

Updated Thursday at 10:55 a.m. ET

Some U.S. hospitals have been hit by coordinated ransomware attacks designed to infect systems for financial gain, federal agencies and a private-sector cybersecurity company warned on Wednesday.

A joint advisory by the Cybersecurity and Infrastructure Security Agency, the Department of Health and Human Services and the FBI says there is "credible information of an increased and imminent cybercrime threat" to U.S. hospitals and health care providers.

They are urging institutions to take necessary precautions to protect their networks.

The agencies said hackers are using Ryuk ransomware — malicious software used to encrypt data and keep it locked up — and the Trickbot network of infected computers to steal data, disrupt health care services and extort money from health care facilities. Such data hijacking often cripples online systems, forcing many to pay up to millions of dollars to restore their services.

The agencies warned health care providers to step up protections of their networks, including regularly updating software, backing up data and monitoring who is accessing their systems.

Beyond health care facilities, the FBI says ransomware attacks have been on the rise for several years against hospitals, school districts, state and local governments and even law enforcement.

Officials do not recommend paying ransoms, as it does not guarantee data will be recovered and could "embolden" hackers to carry out further attacks.

CNN reportsthat an unnamed Trump administration official said several hospitals have been targeted in the attacks over the past two days. The official said the incidents may be connected and that the federal government is investigating the attacks.

Experts at the cybersecurity firm FireEye's Mandiant division said the latest spate of attacks were carried out by cyberattackers in Eastern Europe seeking financial gain.

"We are experiencing the most significant cybersecurity threat we've ever seen in the United States," said Charles Carmakal, Mandiant's chief technology officer, describing the group as "one of most brazen, heartless and disruptive threat actors I've observed over my career."

Carmakal toldNPR's Steve Inskeep that what makes these attacks notable is their target: hospitals.

"Most threat actors aren't willing to deploy ransomware and cause destruction to hospitals right now during the pandemic because they're worried about impacting lives," he said. But in this case, the attacker is deliberately targeting hospitals "and has no real fear of potential human impact, and is just looking to make money."

The company saidthe attacks typically start as emails masquerading as corporate communications containing Google Docs and PDFs with malicious links.

And such attacks could have life and death consequences.

As hospital administrators find out their systems are under attack, they often take those systems offline, Carmakal said. They then have to revert to paper-based systems to treat patients — and sometimes end up diverting patients to other hospitals, which could be minutes or hours away.

"No matter what, you're going to deal with situations where the ability for the healthcare practitioners to give care to patients — it's going to get delayed, which could certainly impact people's lives."

Copyright 2021 NPR. To see more, visit https://www.npr.org.

Vanessa Romo is a reporter for NPR's News Desk. She covers breaking news on a wide range of topics, weighing in daily on everything from immigration and the treatment of migrant children, to a war-crimes trial where a witness claimed he was the actual killer, to an alleged sex cult. She has also covered the occasional cat-clinging-to-the-hood-of-a-car story.
Shannon Bond is a business correspondent at NPR, covering technology and how Silicon Valley's biggest companies are transforming how we live, work and communicate.
Laurel Wamsley is a reporter for NPR's News Desk. She reports breaking news for NPR's digital coverage, newscasts, and news magazines, as well as occasional features. She was also the lead reporter for NPR's coverage of the 2019 Women's World Cup in France.