Hackers are increasingly targeting health-care institutions and threatening people’s well-being as their software attacks get more sophisticated and brazen.
Ransomware attacks, in which hackers cripple a software system until they receive a bounty, have surged this year, along with financial demands, security experts say. The attacks have been around for decades but have flourished as society has become more dependent on technology. Other factors include the rise of the cryptocurrency bitcoin, more advanced hacking techniques and, some say, the widespread adoption of cyber insurance.
“The trend has been going up for a while, but in 2020 it has just been skyrocketing,” said Dmitri Alperovitch, the chairman of Silverado Policy Accelerator, a nonprofit think tank focused on cybersecurity.
Hackers have expanded their targets to include health-care companies. This week, one of the nation’s largest hospital chains,
Universal Health Services Inc.,
diverted ambulances from some facilities after a crippling ransomware attack. It said the outage didn’t harm patients, but systems used for medical records, laboratories and pharmacies were offline at about 250 of the company’s U.S. facilities.
The attack occurred Sunday morning, and the Universal Health’s network remained offline Wednesday, though priority systems such as email and clinical operations systems were being restored gradually across the country, the company said.
In a separate incident in Germany, prosecutors have launched an investigation after a woman died earlier this month when her ambulance was diverted from University Hospital Düsseldorf in the country’s North Rhine-Westphalia state.
A ransomware attack hit the hospital on Sept. 10, shutting down computer systems and forcing it to reroute ambulances away from its emergency room for 13 days. IT systems there are still recovering, hospital spokesman Tobias Pott said Tuesday.
Attacks on medical facilities are worrying because delays in patient care have been directly linked to patient harm, said Joshua Corman, a senior adviser at the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. “We’ve had a growing concern that this degraded and delayed patient care would lead to a demonstrable loss of life.”
Mr. Corman said he had hoped hackers would leave hospitals alone as they were swamped by the coronavirus pandemic, but that hasn’t happened. “We’d assumed that they would be smart enough not to attack, but I think [hackers’] assumption was that [victims] would definitely pay.”
says ransom demands for large organizations can range between $10 million and $30 million, and hackers are increasingly following up their ransom demands with threats to publish stolen data online, hoping to extract more money. Many companies make the payments.
“Victims are paying millions of dollars in ransom, and it’s continuing to perpetuate this criminal activity.”
But some don’t. Last week, hackers released Social Security numbers and other private information after administrators at a Las Vegas public-school district refused to pay an extortion demand, The Wall Street Journal reported Monday.
This month alone, FireEye has tracked 100 ransomware incidents world-wide, more than twice