A federal alert has been co-authored by the Department of Homeland Security and the Department of Health and Human Services warning of cyberattacks. According to the Associated Press, the agencies are warning that “cybercriminals are unleashing a wave of data-scrambling extortion attempts against the U.S. healthcare system designed to lock up hospital information systems.”
Obviously, as COVID-19 cases are reportedly rising in certain states across the country, our healthcare system is already vulnerable. Adding a cyberattack could prove catastrophic. The two federal agencies warned they had “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”
The federal report alleges that the perpetrators are malicious groups wanting to create attacks that produce “data theft and disruption of healthcare services.” The AP reports “the U.S. has seen a plague of ransomware over the past 18 months or so, with major cities from Baltimore to Atlanta hit and local governments and schools hit especially hard.”
In September, a “ransomware attack hobbled all 250 U.S. facilities of the hospital chain Universal Health Services” which forced doctors and nurses to “rely on paper and pencil for record-keeping and slowing lab work.” Additionally, reports the AP, “Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.”
CEO of Hold Security, Alex Holden, has been tracking the suspicious ransomware for over a year. “One of the comments from the bad guys is that they are expecting to cause panic and, no, they are not hitting election systems,” said Holden. Instead, “they are hitting where it hurts even more and they know it.”
Holden has not publicly identified the affected hospitals, but “four healthcare institutions have been reported hit by ransomware so far this week.” Three belonged to the “St. Lawrence County Health System in upstate New York and the Sky Lakes Medical Center in Klamath Falls, Oregon.”
According to Brett Callow, an analyst at the cybersecurity firm Emsisoft, 59 U.S. healthcare providers/systems have been affected by ransomware in 2020 alone. As a result, up to 510 facilities have experienced disruptions in patient care.