U.S. hospitals warned of imminent ransomware attacks from cybercriminals


The Federal Bureau of Investigation (FBI) and several other federal agencies warned hospitals regarding “credible” and “imminent” ransomware attacks from cybercriminals.

On Wednesday, the FBI, the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (DHHS) informed hospitals regarding a “credible of an increased and imminent cybercrime threat to US hospitals and healthcare providers.”

The federal agencies warned that cybercriminals have been targeting the hospital industry, and expected them to launch “ransomware attacks and data theft” that could lead to “disruption of health care services.”

Signup for the USA Herald exclusive Newsletter

Cybercriminals might use Ryuk ransomware for “financial game.” Ryuk is a dangerous type of malware that encrypts the files of victims. Usually, the cybercriminals behind Ryuk ransomware attacks demand a high ransom from their victims in exchange for a decryption key to regain access to their files.

Cybercriminal group UNC1878 behind the recent ransomware attacks on hospitals

The federal agencies’ warning follows the recently coordinated ransomware attacks on multiple hospital IT networks by a group of cybercriminals from Eastern Europe particularly Russia.

Charles Carmakal, a senior vice president of Mandiant, the incident response arm of cybersecurity firm FireEye identified the cybercriminal group as UNC1878.

According to him, “UNC1878 is one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career.” This cybercriminal group “is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers.”

Mr. Carmakal added that three hospitals were severely impacted by the recent ransomware attacks. He thinks the cybercriminal group intends to deploy more ransomware attacks on hundreds of other hospitals in the United States.

On Tuesday, the Sonoma Valley Hospital in California, Sky Lakes Medical Center in Oregon, and St. Lawrence Health System in New York disclosed that they were victims of ransomware attacks.

In September, Universal Health Services (NYSE: UHS), one of the largest healthcare providers in the United States was hit with a Ryuk ransomware attack by a Russian cybercrime group called Wizard Spider.


Have a story you want USA Herald to cover? Submit a tip here and if we think it’s newsworthy, we’ll follow up on it.

Want to contribute a story? We also accept article submissions – check out our writer’s guidelines here.