US CISA issues warning advisory to hospitals after ransomware attacks

29 October 2020 (Last Updated October 29th, 2020 14:15)

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a warning advisory to healthcare facilities after several hospitals in the country have been targeted in ransomware attacks.

US CISA issues warning advisory to hospitals after ransomware attacks
The attackers ask for a ransom from the victim to restore access to the data. Credit: Blogtrepreneur.

The US Cybersecurity and Infrastructure Security Agency (CISA) has released a warning advisory to healthcare facilities after several hospitals in the country have been targeted in ransomware attacks.

CISA requested healthcare facilities to take precautionary measures to protect their networks from such threats.

CNN reported that the latest attacks are an escalation of similar attacks that were carried out on other hospitals and medical facilities in the recent past.

The CISA said on Twitter: “There is an imminent and increased cybercrime threat to US hospitals and healthcare providers.” 

The joint advisory from CISA, the Federal Bureau of Investigation (FBI) and the Department of Health and Human Services (HHS) described the tactics, techniques, and procedures used by cybercriminals to infect systems with Ryuk ransomware for financial gain. 

Ransomware is a type of malware or malicious software that encrypts a victim’s files. 

The attackers ask for a ransom of a few hundred and thousand dollars from the victim to restore access to the data.

US administration official told CNN that several hospitals in the country have been targeted in the attacks over the past two days, and the incidents might be connected. 

The federal government is investigating the attacks, the official added.

Till date, St. Lawrence Health Systems in New York, and the Sky Lakes Medical Center in Oregon have confirmed that they were targeted by such attacks.

Many hospitals in New York, Nebraska, Ohio, Missouri and Michigan were hit by some form of ransomware attacks since July this year.

Reuters quoted experts as saying that the likely group behind the attacks was known as Wizard Spider or UNC 1878.

They further warned that hospital operations can be disrupted due to such attacks.