An Eastern European cybercriminal group has conducted ransomware attacks at multiple U.S. hospitals in recent days in some of the most disruptive cyber-activity in the sector during the coronavirus pandemic, cybersecurity company FireEye said Wednesday.
The group, which FireEye calls UNC1878, has been deploying Ryuk ransomware and taking multiple hospital IT networks offline, said Charles Carmakal, senior vice president of Mandiant, FireEye’s incident response arm.
“UNC1878 is one of the most brazen, heartless and disruptive threat actors I’ve observed over my career,” Carmakal said. The group’s activity “is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers,” he said.
The company did not detail any specific attacks, or the timing of the activity it says it observed.
The announcement coincides with multiple reported ransomware incidents, including an attack earlier this week on Oregon’s Sky Lakes Medical Center. The medical center carried on with emergency and urgent care, but said that “communications with the medical center will be a little complicated, however, until systems are restored.”
Ransomware also infected the IT networks of hospitals in New York state, forcing the Canton-Potsdam, Massena and Gouverneur hospitals to revert to back-up processes. A new variant of Ryuk was reportedly involved.
The FBI and departments of Homeland Security and Health and Human Services convened a phone call on Wednesday to brief the private sector on the attacks. An invitation to the call said it would cover “credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers.”
The ransomware incidents this week follow a reported Ryuk ransomware attack on Universal Health Services, which describes itself as one of the largest health care providers in the U.S.
Cybercriminals have continued to lock down IT systems at hospitals and demand payoffs, despite the deadly coronavirus pandemic. U.S. federal agencies and private companies have called in reinforcements to try to blunt the impact of the attacks.
Cybersecurity professionals around the world have been so concerned by the hacking of health care organizations that they have volunteered their time to protect them. For its part, the U.S. Cybersecurity and Infrastructure Security Agency in July hired Josh Corman, a health care cybersecurity specialist, to bolster the agency’s work to defend the sector from attacks.