The Federal Bureau of Investigation, the Department of Health and Human Services (HHS), and the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency have warned U.S. hospital administrators about a series of cyberattacks targeting hospitals, clinics, and medical complexes. In these ransomware attacks, hackers take the facilities offline and hold their data hostage in exchange for multimillion-dollar payments.
While officials did not specify the affected hospitals, Sonoma Valley Hospital in California, St. Lawrence Health System in New York, and Sky Lakes Medical Center in Oregon were among the hospitals that reported recent breaches. These breaches were linked to attacks in September against Universal Health Services, a network of more than 400 hospitals. The intrusions shut down computer systems, diverted ambulances, froze electronic health records, and delayed surgeries, according to hospital representatives.
The current campaign of attacks, which comes as coronavirus cases spike across the country, are believed to be carried out by the same Moscow- and St. Petersburg-based hackers behind TrickBot, a conduit for ransomware attacks. In September, the U.S. Cyber Command and Microsoft began dismantling TrickBot's online infrastructure to avoid disruptions to the U.S. presidential election. However, these efforts had the unintended consequence of cutting off access to the hackers and, given the more recent attacks on American hospitals, appear to have done little to deter the cybercriminals.