US hospitals brace for flood of Ryuk ransomware

The warning comes after a ransomware attack on a German hospital led to the death of a patient just last month.
30 October 2020

  • The FBI and other agencies have warned of an imminent threat of ransomware attacks on America’s healthcare industry
  • An attack could be devastating, forcing hospitals to revert to ‘manual’ methods

Hospitals across the US are bracing for aggressive cyberattacks that could threaten patient care amid the national rise in COVID-19 hospitalizations, after security companies and the federal government warned that Russian cybercriminals had already hobbled operations at several hospitals over the past week.

On Wednesday this week (October 28), the FBI, together with the Department of Health and Human Services (HHS) and the Cybersecurity and Infrastructure Security Agency (CISA), warned that there is an imminent threat of ransomware attacks on American hospitals and health care providers.

The attackers have disrupted hospital systems in Vermont, New York, Oregon, and elsewhere within the past few days, deploying a type of malware called ransomware. Ransomware has resurfaced as a common tactic for hackers, although attacks of this scale against medical facilities aren’t common.

Just last month, a ransomware attack disabled computer systems at Düsseldorf University Hospital in Germany. One patient died as doctors attempted to transfer her to another hospital because of the disruption the cyberattack caused at the facility.

Ryuk — a new wave of ransomware attacks

The threat identified by the FBI, CISA, and HHS comes from the “Ryuk” ransomware. It’s a relatively young ransomware family that was discovered in August 2018 and has gained significant popularity in 2020.

While multiple ransomware attacks against health care providers each week have become common, this is the first time six hospitals have been targeted in the same day by the same ransomware actor.

Ryuk is also believed to be behind the recent ransomware attack on Universal Health Services (UHS), which runs approximately 400 hospitals and care centers across the United States and the United Kingdom. That attack is one of the largest medical cyberattacks in US history.

“Not only has the number of ransomware attacks increased, but ransomware itself has evolved, with some of the most popular forms disappearing and new forms emerging. In some cases, these are even more disruptive and damaging,” commented Juta Gurinaviciute, chief technology officer at NordVPN Teams.

Putting patients’ safety at risk

A computer virus could put people in serious danger if the target is a healthcare facility. Experts say old machines and outdated software at hospitals have contributed to the spread of ransomware. If the situation doesn’t improve, it could put patients’ safety into further jeopardy.

“The consequences can be grave. If an attack happens in the middle of a surgery, whatever machines are being used could go down, forcing medical staff to fall back on manual methods,” said Gurinaviciute. “MRI machines, ventilators, and some types of microscopes are computers too. Just like our laptops, those computers come with software that the developers have to support. When the machines become old and outdated, the people who made them might stop supporting them. That means that old software can become vulnerable to attacks.”

In many cases, hackers threaten to leak the data they’ve stolen if the victim doesn’t pay a ransom, a threat that can frighten victims and pressure them into giving in to the extortion demands.

Patient records can sell for up to $1,000 on the black market due to the amount of information found in the documents, including date of birth, credit card information, social security number, address, and email. Social security numbers can be purchased for as little as $1, and credit card information sells for up to $110.