FBI warns of large-scale ransomware threat to the U.S. healthcare industry

The threat of a large-scale ransomware attack once again grabbed headlines in the mainstream press as the U.S. Federal Bureau of Investigation, Department of Homeland Security, and Department of Health and Human Services warned that cybercriminals were targeting American healthcare providers.

The alert, which was issued Wednesday, warned that there was “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers” focused on “data theft and disruption of healthcare services.”

The warning comes as hospitals, medical facilities, and healthcare workers around the country are faced with spiking cases of COVID-19. The timing is no accident, as cybercriminals are leveraging the need for these healthcare providers to have access to their data and systems.

Ransomware targeting hospitals

The tactic is among the most pervasive of malware threats in recent years: locking down systems with unbreakable encryption and unlocking them only in return for a hefty online payment.

The healthcare industry has long been a favorite target for such attacks, as the life-and-death consequences of computer downtime in hospitals increase the pressure to pay up, as Acronis noted in this report.

Five hospitals in the U.S. have already succumbed to such attacks in the past week, raising fears of lethal consequences as the country struggles to respond to a recent widespread spike in COVID-19 infections. These attacks follow on the heels of a September ransomware attack on United Health Services, a chain of 250 hospitals and clinics that lost access to patient records, medical images, telemetry monitors, and phone systems. It took UHS a week to restore its data centers and networks, and three weeks to completely restore all of its systems.

The scale and effectiveness of ransomware attacks continue to grow as cybercriminals exploit the security weaknesses that accompany the massive shift to remote work that was forced on many businesses by the pandemic. New tactics like “double extortion” have arisen, in which a ransomware attacker first steals sensitive data from a target, then triggers the encryption attack, and finally presents the victim with two threats: “Pay up quickly or we will: a) never unlock your data; and b) start leaking your sensitive files online.”

Last week, cybercriminals used such an attack to demand a $20M ransom from Software AG, a large German software vendor. Double extortion is particularly effective in regulated industries like healthcare, where failure to protect sensitive information like patient records can result in fines for privacy violations.

Crooks use ransomware because it’s effective

Ransomware has become the most pervasive and costly of global malware threats in recent years for several reasons:

  1. Cybercrime gangs have mimicked the research and distribution practices of the legitimate cloud services industry, iterating new variations of malware quickly and enlisting an army of low-skilled front men tasked with getting the malware onto victims’ computers. The result is malware that can evade traditional antivirus defenses and can be widely distributed for a very low cost.
  2. End-users remain vulnerable to a range of infiltration tactics, including phishing emails and fake websites promising useful information or services: promises of COVID-themed information have proven especially effective in 2020. Cybercriminals are getting better at carefully tailoring their social engineering strategies to improve their success rates.
  3. Many businesses struggle to keep up with basic cybersecurity hygiene. The average time it takes a small business to install a software patch that closes a known security vulnerability is 102 days, per cybersecurity researcher Ponemon Institute. This leaves their systems vulnerable to cyberattacks like ransomware.
  4. Cybercriminals are increasingly given aid and support by nation-states that use malware attacks to advance geopolitical or economic goals. North Korea, for example, generates significant funds for its regime through malware, as economic sanctions restrict its ability to conduct conventional trade. Russia is believed to provide technical assistance to the cybercrime gang behind the Ryuk strain of ransomware used in recent attacks on U.S. healthcare companies that prompted yesterday’s FBI warning. China has long been accused of wielding malware to steal valuable intellectual property from businesses in the West. These state actors have brought greater sophistication and resources to cybercriminal gangs.

Preventative medicine against ransomware

For businesses, the trends are all going in the wrong direction: the number of successful ransomware attacks, the average ransoms paid, and the average length and cost of the resulting downtime are all going up. Healthcare will continue to be a popular target, as evidenced by the nearly 1000 known successful ransomware attacks on U.S. hospitals alone in the past year. But there are steps you can take to defend your business:

  • Step up your antimalware game by adding behavior-based defenses to legacy antivirus solutions that operate on signature-matching principles. The use of artificial intelligence to recognize threats by what they do, not just what they look like, is essential in a world where new instances of ransomware are being generated by the day and the hour.
  • Reduce the dwell time of known security holes in your systems by applying automation to your vulnerability scanning and patch management operations.
  • Deploy measures to defend your employees against common social-engineering attacks like phishing emails and phony websites. Security awareness training and URL filtering are two examples of proven techniques here.
  • Make sure that you have a robust backup regimen in place so you can restore your data in the event of a successful attack. This includes minimizing the time between backups for critical data, storing backups in diverse locations (both physical and in the cloud), and adding disaster recovery services in areas where extended downtime presents an existential threat to the business.
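
The difference between signature matching and behavior-based detection in the first step above can be shown in a few lines. This is an added example, not Acronis code: a fixed entropy heuristic stands in for the behavioral model, and the hashes, PIDs, paths, thresholds and file contents are all constructed for illustration.

```python
import hashlib
import math
from collections import Counter, defaultdict

# Constructed signature list: hash of one previously seen sample (placeholder bytes).
KNOWN_BAD = {hashlib.sha256(b"constructed-sample-v1").hexdigest()}
NEW_VARIANT = b"constructed-sample-v2"  # same family, rebuilt, so the hash differs

def signature_match(binary: bytes) -> bool:
    """Signature approach: only flags binaries whose hash is already listed."""
    return hashlib.sha256(binary).hexdigest() in KNOWN_BAD

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; encrypted or compressed data approaches 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def behavioral_alerts(events, window=10.0, min_files=5, jump=3.0, high=7.0):
    """Return PIDs that overwrite >= min_files distinct files within `window`
    seconds, each write pushing content entropy up by >= jump to >= high."""
    hits = defaultdict(list)  # pid -> [(timestamp, path)]
    alerts = set()
    for ts, pid, path, before, after in sorted(events, key=lambda e: e[0]):
        e_after = shannon_entropy(after)
        if e_after >= high and e_after - shannon_entropy(before) >= jump:
            hits[pid].append((ts, path))
            recent = {p for t, p in hits[pid] if ts - t <= window}
            if len(recent) >= min_files:
                alerts.add(pid)
    return alerts

def sample_events():
    """Constructed file-write telemetry: (timestamp, pid, path, before, after)."""
    text = b"patient record (constructed sample) " * 100
    def noise(seed):  # deterministic near-uniform bytes standing in for ciphertext
        return hashlib.shake_256(seed.encode()).digest(4096)
    events = [(i * 0.5, 4242, f"/records/chart{i}.txt", text, noise(f"enc{i}"))
              for i in range(6)]  # burst of rewrites by one process
    events.append((1.0, 100, "/tmp/archive.zip", text, noise("zip")))  # one-off compression
    events.append((2.0, 200, "/records/notes.txt", text, text + b"edit"))  # normal edit
    return events

if __name__ == "__main__":
    print("signature hit on new variant:", signature_match(NEW_VARIANT))
    print("behavioral alerts:", behavioral_alerts(sample_events()))
```

Legitimate bulk compression or encryption jobs produce the same pattern, so thresholds and per-process allowlists need tuning before a rule like this can block rather than just alert.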

Final thought

Hospitals and healthcare providers across the country are likely facing a historically challenging autumn and winter due to the ongoing pandemic. The last thing they need is to have their data and systems crippled in a ransomware attack instigated by cybercriminals or rogue nation-states. 

Acronis and its partners can help. Take advantage of our free assessment tool to get your #CyberFit Score: a quick read on the state of your cybersecurity readiness. You can also review our recent whitepaper on the cyber protection challenges facing the healthcare industry, including ransomware.

If you want to take immediate action to defend against these attacks, consider taking advantage of a free 30-day trial of Acronis Cyber Protect, our solution for businesses that want to unite their data protection and cybersecurity into a single highly-integrated solution. Or talk to one of our 50,000 partners around the world who can help you upgrade your cyber protection with Acronis technology.