Federal agencies are intensifying their efforts to crack down on foreign hackers targeting U.S. hospitals and health systems.
On July 25, the State Department announced that it was offering a $10 million reward for information leading to the identification or location of individuals acting under the direction or control of a foreign government who engage in malicious cyber activities targeting U.S. critical infrastructure.
Specifically, the State Department is searching for information on Rim Jong Hyok, a man reportedly linked to North Korean military intelligence, who is allegedly involved in a scheme to hack into U.S. healthcare systems.
Mr. Hyok currently stands accused of plotting to infiltrate U.S. hospital computer systems and other healthcare providers by deploying Maui ransomware. He is also suspected of being part of Andariel, a hacker group reportedly controlled by the Reconnaissance General Bureau, North Korea's military intelligence agency.
The State Department's report regarding Mr. Hyok came on the same day as a report from cybersecurity firm Mandiant that found that APT45, a North Korean cyber operator, was intensifying its attacks on the healthcare and pharmaceutical sectors.
Meanwhile, on July 18, two hackers pleaded guilty in U.S. District Court to participating in a ransomware group that has extorted approximately $500 million from various organizations, including hospitals.
Ruslan Magomedovich Astamirov, 21, a Russian national from the Chechen Republic, and Mikhail Vasiliev, 34, a dual Canadian and Russian national from Bradford, Ontario, pleaded guilty for their involvement with LockBit, a cybercriminal gang that has targeted hospitals and health systems.
The men were accused of infiltrating computer systems and deploying LockBit ransomware to steal and encrypt data from at least 12 victims each. In addition to extorting approximately $500 million, LockBit has caused billions of dollars in lost revenue and incident response and recovery costs, according to the Department of Justice.
LockBit has reportedly targeted hospitals in Illinois, New Jersey, and New York. Similarly, in May, the U.S. government charged Dimitry Yuryevich Khoroshev, 31, from Voronezh, Russia, as the alleged mastermind behind the LockBit ransomware group.
Mr. Khoroshev is facing a 26-count indictment in New Jersey for creating and managing LockBit since its 2019 inception. Known online as LockBitSupp, LockBit, or putinkrab, Mr. Khoroshev is accused of causing billions in damages and targeting critical infrastructure, including hospitals.
The State Department is offering up to $10 million for information leading to his capture. If convicted, Mr. Khoroshev faces up to 185 years in prison and significant fines, with allegations that he personally profited $100 million from the extortions.
The crackdown on healthcare hackers comes as the industry faces the most expensive data breaches across all sectors, with average breach costs reaching $9.77 million for the 14th year in a row, according to a 2024 IBM report.