Some U.S. hospitals have been hit by coordinated ransomware attacks designed to infect systems for financial gain, federal agencies and a private-sector cybersecurity company warned on Wednesday.
A joint advisory by the Cybersecurity and Infrastructure Security Agency, the Department of Health and Human Services and the FBI says there is “credible information of an increased and imminent cybercrime threat” to U.S. hospitals and health care providers.
They are urging institutions to take necessary precautions to protect their networks.
The agencies said hackers are using Ryuk ransomware — malicious software used to encrypt data and keep it locked up — and the Trickbot network of infected computers to steal data, disrupt health care services and extort money from health care facilities. Such data hijacking often cripples online systems, forcing many to pay up to millions of dollars to restore their services.
The agencies warned health care providers to step up protections of their networks, including regularly updating software, backing up data and monitoring who is accessing their systems.
Beyond health care facilities, the FBI says ransomware attacks have been on the rise for several years against hospitals, school districts, state and local governments and even law enforcement.
Officials do not recommend paying ransoms, as it does not guarantee data will be recovered and could “embolden” hackers to carry out further attacks.
CNN reports that an unnamed Trump administration official said several hospitals have been targeted in the attacks over the past two days. The official said the incidents may be connected and that the federal government is investigating the attacks.
Experts at the cybersecurity firm FireEye’s Mandiant division said the latest spate of attacks were carried out by cyberattackers in Eastern Europe seeking financial gain.
“We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” said Charles Carmakal, Mandiant’s chief technology officer, describing the group as “one of most brazen, heartless and disruptive threat actors I’ve observed over my career.”
A FireEye Mandiant report on Wednesday said the same group has this year “actively targeted hospitals, retirement communities, and medical centers, even in the midst of a global health crisis, demonstrating a clear disregard for human life.”
The company said the attacks typically start as emails masquerading as corporate communications containing Google Docs and PDFs with malicious links.