Charles Carmakal, a senior vice president of Mandiant, the incident response arm of cybersecurity firm FireEye identified the cybercriminal group as UNC1878.
According to him, “UNC1878 is one of the most brazen, heartless, and disruptive threat actors I’ve observed over my career.” This cybercriminal group “is deliberately targeting and disrupting U.S. hospitals, forcing them to divert patients to other healthcare providers.”
Mr. Carmakal added that three hospitals were severely impacted by the recent ransomware attacks. He thinks the cybercriminal group intends to deploy more ransomware attacks on hundreds of other hospitals in the United States.
On Tuesday, the Sonoma Valley Hospital in California, Sky Lakes Medical Center in Oregon, and St. Lawrence Health System in New York disclosed that they were victims of ransomware attacks.
In September, Universal Health Services (NYSE: UHS), one of the largest healthcare providers in the United States was hit with a Ryuk ransomware attack by a Russian cybercrime group called Wizard Spider.
