FBI, DHS Warn Hospitals of ‘Credible Threat’ from Hackers

Several federal agencies on Wednesday warned hospitals and cyber-researchers about “credible” information “of an increased and imminent cybercrime threat to U.S. hospitals and health-care providers.”

The FBI, the Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency, part of the Department of Homeland Security and known as CISA, said hackers were targeting the sector, “often leading to ransomware attacks, data theft and the disruption of health-care services,” according to an advisory.

The advisory warned that hackers might use Ryuk ransomware “for financial gain.”

The warning comes as COVID-19 cases and hospitalizations surge across the country. The cybersecurity company FireEye Inc. said multiple U.S hospitals had been hit by a “coordinated” ransomware attack, with at least three publicly confirming being struck this week.

Ransomware is a type of computer virus that locks up computers until a ransom is paid for a decryption key.

The attack was carried out by a financially motivated cybercrime group dubbed UNC1878 by computer security researchers, according to Charles Carmakal, FireEye’s strategic services chief technology officer. At least three hospitals were severely affected by ransomware on Tuesday, he said, and multiple hospitals have been hit over the past several weeks. UNC1878 intends to target and deploy ransomware to hundreds of other hospitals, Carmakal said.

“We are experiencing the most significant cybersecurity threat we’ve ever seen in the United States,” he said. “UNC1878, an Eastern European financially motivated threat actor, is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other health-care providers.”

Multiple hospitals have already been significantly affected by Ryuk ransomware and their networks have been taken offline, Carmakal added. “UNC1878 is one of most brazen,…