Security News

The U.S. government has warned hospitals and healthcare providers of an "Increased and imminent" ransomware threat, which some experts have attributed to cybercriminals from Eastern Europe. The organizations say they've received credible information that threat actors are targeting the healthcare sector with the TrickBot malware in attacks that often lead to ransomware infections, data theft and disruption of healthcare services.

In a joint statement, the U.S. government is warning the healthcare industry that a hacking group is actively targeting hospitals and healthcare providers in Ryuk ransomware attacks. On this call, the U.S. government warned healthcare providers that Ryuk ransomware is actively targeting the healthcare industry and that proper steps should be taken to secure their systems.

Today, officials from the FBI and the U.S. Department of Homeland Security hastily assembled a conference call with healthcare industry executives warning about an "Imminent cybercrime threat to U.S. hospitals and healthcare providers." The agencies on the conference call, which included the U.S. Department of Health and Human Services, warned participants about "Credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers."

UPDATE. Two more hospitals were hit with ransomware attacks this week as a growing number of criminals target healthcare facilities during the COVID-19 pandemic. The troubling trend prompted federal law enforcement and health officials, on Wednesday, to sound the alarm and issue a dire warning of more attacks to come.

The hospital chain Universal Health Services said Thursday that computer services at all 250 of its U.S. facilities were hobbled in last weekend's malware attack and efforts to restore hospital networks were continuing. Doctors and nurses at affected hospitals and clinics, many already burdened with coronavirus care, have had to rely on manual record-keeping, with lab work slowed.

The attack involved ransomware - Ryuk ransomware, to be more specific. Ryk extension and another employee described a ransom note that points to Ryuk ransomware.

Universal Health Services over the weekend shut down the IT networks at multiple hospitals in the United States, after being hit with a cyberattack. On Monday, some of the company's employees took to Reddit to share information on a cyberattack that forced the shutdown of computers at UHS facilities nationwide.

UHS insists patient care continues to be delivered and that "No patient or employee data appears to have been accessed, copied or otherwise compromised." A UHS spokesperson declined to provide further details or to comment on unsubstantiated claims made via social media suggesting the involvement of the Ryuk ransomware family.

A ransomware attack has shut down Universal Health Services, a Fortune-500 owner of a nationwide network of hospitals. In an official statement given out on Monday, UHS noted: "The IT Network across Universal Health Services facilities is currently offline, due to an IT security issue. We implement extensive IT security protocols and are working diligently with our IT security partners to restore IT operations as quickly as possible. In the meantime, our facilities are using their established back-up processes including offline documentation methods. Patient care continues to be delivered safely and effectively."

The Doppelpaymer ransomware gang were behind the cyber-attack on a German hospital that led to one patient's death, according to local sources. The Aachener Zeitung newspaper carried a report from the German Press Association that Doppelpaymer's eponymous ransomware had been introduced to the University Hospital Düsseldorf's network through a vulnerable Citrix product.