The FBI, Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) published a warning about an "imminent and increased cybercrime threat to U.S. hospitals and healthcare providers" in a joint advisory issued late Wednesday.
Reportedly, around two dozen hospitals have already been caught up in the campaign.
According to security experts, the reputed culprit behind the attack is a Russian threat group known as Wizard Spider. The group is known to deploy the trojan malware Trickbot and Ryuk ransomware — a combination that has already been responsible for wreaking havoc on a multitude of organizations this year.
Worst of all, the assault comes amidst a spike in COVID-19 cases across the country. Indeed, despite initial claims of a potential detente between cybercriminals and health-care systems, hackers have incessantly targeted hospitals throughout the pandemic.
In September, a large cyberattack struck United Health Services, forcing some hospitals to divert surgeries and ambulances outside of the UHS network due to malfunctions, while others were left without access to phones and computers, according to reports.
According to security experts, health-care systems aren't particularly well equipped to handle cyberincidents.
“Hospitals are vulnerable because they are a mix of IT systems from a wide array of vendors, most of which have a medical, not a computer security background," said Justin Cappos, professor of computer science and engineering at the NYU Tandon School of Engineering. Cappos, who studies resilience and cybersecurity strategies, said that hospitals were considered a "soft target" when compared to more heavily fortified institutions like a major corporation or a bank.
"It is a very difficult environment for vendors, hospital IT staff, nurses, and doctors to secure," said Cappos. "You also have a lot of systems that do not have security updates (since some vendors believe this requires recertification) and so these systems are very open to attack."
Federal officials have asked health organizations to defend themselves against attacks with contingency plans and other preparations.
"Without planning, provision, and implementation of continuity principles, organizations may be unable to continue operations," the advisory warns, also advising that entities should assess security gaps so that they can "establish a viable continuity program that will help keep them functioning during cyberattacks or other emergencies," federal agencies warned.
