Six U.S. hospitals were hit by ransomware attacks from Oct. 26 to Oct. 27, and federal authorities and IT security experts are warning there are likely more on the way.
The FBI, HHS and the Cyber Security and Infrastructure Security Agency under the Department of Homeland Security issued a warning on Oct. 28 for hospitals to guard against Ryuk ransomware, which was used in the attacks, and cybersecurity firms warned that criminal organizations claim to have a list of more than 400 targeted hospitals, 30 of which have been infected already.
"This is the most significant cyber threat I've seen in the United States in my career," Charles Carmakal, chief technology officer of cybersecurity firm Madiant, told The Wall Street Journal.
Click here for information about the ransomware attacks. Below are seven updates since Becker's covered the incident on Oct. 29.
1. The Joint Cybersecurity Advisory updated its warning to hospitals about ransomware to include information about Conti, TrickBot and BazarLoader. The initial statement focused on Ryuk ransomware and said the federal government had "credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers."
2. Hackers are now targeting the healthcare sector with TrickBot and BazarLoader malware which can lead to ransomware attacks. The cybercriminal enterprise behind the attacks distributes the malware through phishing campaigns.
3. BazarLoader and BazarBackdoor were first identified early this year and are a new technique for infecting and monetizing networks, according to the advisory. They can lead to ransomware deployment and typically arrive as a phishing email that contains a link to a Google Drive controlled by the cybercriminals. The emails may contain the recipient or employer's name in the subject line or email body.
4. Klamath Falls, Ore.-based Sky Lakes Medical Center and Upstate New York-based St. Lawrence Health System self-identified as victims of the October ransomware attack. The federal government did not name the other organizations involved. UVM Health in Burlington, Vt., reported a significant systemwide IT issue Oct. 29, but did not confirm whether the incident was related to the other ransomware attacks.
5. Both Sky Lakes Medical Center and St. Lawrence Health System kept their facilities operational during the attacks. On Oct. 29, a local Fox affiliate reported two days after the attack that Sky Lakes Medical Center is still working on bringing its computer system back online after shutting down Oct. 27.
6. The ransomware attacks on hospitals have now been linked to the criminal hacking collective UNC1878, according to The Wall Street Journal. UNC1878 typically uses Ryuk ransomware in attacks.
7. Ryuk is responsible for 75 percent of ransomware attacks on hospitals and healthcare providers in the U.S., according to a report from CheckPoint. In October, there was a 71 percent increase in ransomware attacks against the U.S. healthcare sector.
More articles on cybersecurity:
Hospital CISOs to meet, prep for 'long war' against cyberattacks
10 healthcare malware, ransomware and phishing incidents this month
Missouri health system back online after shutdown: 4 details