Technical Support: 412-349-6678 | Incident Response

Healthcare Industry Targeted By Ryuk Ransomware

Ryuk ransomware hitting healthcare industry hard

Last week, we discussed the criticality of data security for the healthcare industry and the different fines that result from data management failure. 

As if that wasn’t scary enough for Halloween, the FBI, U.S. Department of Homeland Security (DHS), and the U.S. Department of Health and Human Services (HHS) convened at a teleconference on Oct.28, to present healthcare industry executives with a warning: the Ryuk ransomware group presents an “imminent cybercrime threat to U.S. hospitals and healthcare providers.”

At first, this might seem like the same warning sent every few months.  Some new attack affecting someone else from another strange-sounding criminal gang. 

However, the same could be said before COVID-19 about SARS, MERS, and other potential pandemics that threatened us, but never quite arrived in the United States.  We can never know when the close call will become our own realized nightmare.

For immediate assistance with an ongoing incident or to obtain help monitoring cybersecurity activities, contact Blue Bastion today at 412-349-6680.  Meanwhile, for those who are not under immediate attack, let’s examine the Ryuk threat, other developments in ransomware, and evolving challenges for healthcare CIOs.

The Ryuk Threat

Why is this Ryuk threat different from their activities before? 

Cybersecurity intelligence researchers intercepted Ryuk ransomware members discussing plans to attack over 400 healthcare facilities in the U.S. 

While no specific attack vector was listed, we do know the basic characteristics of the Ryuk ransomware attack: first phish, then exploit the breach.  

Since phishing remains a key entry point for Ryuk, as well as other ransomware attacks, this is a good time to remind employees not to click on links and for the organization to take precautions

CIOs can also take action to watch for signs of a breach and attempt to block known Ryuk domains.  Of course, non-healthcare providers also need to remain alert as the Ryuk ransomware gang also recently hit Sopra Steria, a French IT Services company, and Steelcase, a U.S.-based office furniture company.

Fortunately, we have not yet seen hundreds of healthcare providers hit by ransomware.  However, ransomware attackers tend to wait for the weekend to strike … when IT teams have left for the weekend.

Still, some healthcare providers have also been hit during the week. That list includes: Ridgeview Medical Center in Waconia (MN), Sky Lakes Medical Center in Klamath Falls (OR), Sonoma Valley Hospital (CA), St. Lawrence Health System (NY), and The University of Vermont Health Network (VT).

Healthcare Industry Targeted by Ransomware

Other Ransomware Developments

While the Ryuk ransomware gang is hitting the headlines, this month the REvil ransomware gang bragged about making a profit of more than $100 million in one year from their activities.  Yet, this only represents the 20-30% commission they earn for deploying their Ransomware-as-a-Service. An estimated $300 to $500 million flowed through to their affiliates who performed the attacks!

With $500 million in revenue for one ransomware gang, we can easily understand why criminal hackers have been racing to join in the attack. The increased competition also drives innovation as criminals seek to extract more funds and differentiate themselves from each other.

Ransomware attackers began leaking stolen data in 2019 to pressure companies into paying ransoms. This, of course, results in immediate HIPAA breach concerns for healthcare providers.  

Some providers, such as the University Hospital New Jersey, paid ransoms primarily to avoid the release of patient data.

In Finland, the Vastaamo psychotherapy center faced a new data break extortion angle: blackmailing the patients.  Two years after an initial data breach, an attacker contacted the clinic demanding payment.  When the clinic was slow to pay, the attacker then contacted the patients directly and threatened to release their mental health records.

Evolving Healthcare CIO Headaches

This year, the first death associated with a ransomware attack occurred. And, the economy is in shambles as a result of the COVID-19 pandemic. 

Even as ransomware and other attacks are expected to increase, experts predict that IT budgets will likely decrease.

Security researchers note that many healthcare providers upgraded most of their PCs to Windows 10. However, 32% of providers continue to deploy older operating systems, including Windows XP.  

Legacy equipment must be segmented carefully on the network so that their vulnerabilities can be shielded from attacks.

Unfortunately, the majority of organizations still mix personal and medical devices on the same network.  Careful design and virtual networks creates segmentation or microsegmentation to isolate devices, but networks rarely remain static. 

As employees, equipment, and circumstances change, the network needs to adapt and remain current with those changes.  If not, we wind up with vulnerable legacy devices sharing a network with equipment connected to the internet.

As CIOs face increasing pressure and reduced budgets, outsourcing can provide expertise on a part-time basis. Our clients often use us to catch up on projects, monitor networks, and respond to emergencies.

Ideal Integrations and Blue Bastion provide a range of services such as IT system design, network monitoring, patch management, cybersecurity monitoring, or red team penetration testing. 

Complete the form below to contact us today, or call us at 412-349-6680 to see how we might be able to help your current and ongoing needs.

Need a Managed IT Solution For Your Organization? Contact Us!

  • This field is for validation purposes and should be left unchanged.