Hackers backed by the North Korean government have attacked scores of healthcare organizations with ransomware over the past year, in some cases disrupting healthcare services for “prolonged periods,” the FBI and other US agencies warned on Wednesday.
North Koreans used ransomware – a type of malicious computer code that locks computer files – to encrypt computer systems hosting electronic health records and diagnostic and imaging services, the FBI, the Treasury Department and the US Cybersecurity and Infrastructure Security Agency (CISA) said ). in consultative urging healthcare organizations to strengthen their cyber security.
It’s the latest indication that state-sponsored hackers from countries like North Korea and Iran are ready to deploy ransomware against the healthcare sector, a tactic more often associated with non-state cybercriminals.
FBI Director Christopher Wray in June accused Iranian government-backed hackers for a “heinous” cyberattack on Boston Children’s Hospital last year, a charge Tehran has denied. No ransomware was used in this case, but Iranian hackers were targeted another US council on healthcare ransomware in November.
Healthcare facilities, already strained for resources due to Covid-19, had to deal with devastating ransomware attacks during the pandemic. An IT administrator at a 100-bed hospital in Florida told CNN in January how he shut down the facility’s computer systems in January to prevent a ransomware attack from spreading throughout the hospital.
The fall of 2020 saw a wave of ransomware attacks against US hospitals by Russian-speaking cybercriminals, including one apparent ransomware incident in October 2020 that forced the University of Vermont to postpone chemotherapy appointments.
In their briefings on Wednesday, US agencies on Wednesday did not name the organizations that fell victim to the alleged North Korean hackers.
The Center for Health Information Sharing and Analysis, a cyberthreat sharing group for major healthcare providers around the world, has not identified any of its members as victims, said Errol Weiss, the group’s chief security officer.
“My guess is that the victims are smaller organizations and they’re not prepared to deal with a ransomware attack,” Weiss told CNN.
North Korea has defied stereotypes of a technology-deprived country for years to build a formidable hacking force. The US government has accused Pyongyang of developing the so-called WannaCry ransomware in 2017, which has spread to more than 200,000 machines in 150 countries. The incident cost Britain’s National Health Service alone more than $100 million.
“Among its peers, North Korea is unique in its deep, active involvement in cybercrime,” said John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant. “Unlike other countries that can contract and bargain with local criminals, the North Korean state commits cybercrimes directly against targets around the world.”