Hackers are going after U.S. hospitals with a fresh wave of cyberattacks this week just as coronavirus cases surge around the country.
Eskenazi Health, a health-care service provider that operates a 315-bed hospital, inpatient facilities, and community health centers throughout Indianapolis, was crippled by a ransomware attack that began between 3:30 and 4 a.m. Wednesday morning, a spokesperson told The Daily Beast.
By 8 a.m. Eskenazi Health was turning ambulances away and diverting patients to other hospitals as a result of the ransomware incident, the spokesperson said.
âA ransomware attack happened,â an Eskenazi spokesperson told The Daily Beast, confirming that all of Eskenazi Healthâs locationsâits hospital, its inpatient facilities, and its community health centersâare impacted. The spokesperson added that Eskenazi Health was working to contain the ransomware by shutting down some services and operations in order to try to keep the malware from spreading through its systems.
âThey took all of our systems down so they wouldnât get breached,â the spokesperson said, confirming email systems and electronic medical records were still down as of Thursday evening.
Eskenazi Health is not alone. Sanford Health, a Sioux Falls, South Dakota-headquartered health system which includes 46 hospitals and care locations in 26 states and 10 countries, said in a statement Thursday it had been hit with a cyberattack in recent days as well. Sanford Health did not confirm whether it was the victim of ransomware, but president and CEO Bill Gassen confirmed to The Daily Beast it was working to âcontainâ the impact.
In both the Sanford Health and Eskenazi Health cases, patient data and employee data were not affected, officials said.
But while the hospitals may have stopped the attacks in their tracks, people who are seeking care could still be feeling the real-world effects, says Ohad Zaidenberg, the president and co-founder of CTI League, a consortium of volunteer cybersecurity researchers established during the pandemic to help medical entities deal with the increase in cyberattacks in the health sector.
And while some ransomware attacks can result in theft of data and headaches for patients and hospitals trying to keep their sensitive information private, ransomware attacks against hospitalsâespecially during the COVID-19 pandemic, when patients need life-saving urgent medical careâare some of the cruelest hacks, Zaidenberg says.
At least one death following a recent ransomware attack against a hospitalâDĂźsseldorf University Hospital in Germanyâhas raised questions in recent months about whether ransomware could directly or indirectly lead to fatalities. And while police determined after an investigation that the cyberattack did not cause the personâs death, the Eskenazi incident is raising the same life-or-death questions, says Zaidenberg.
âHere we have another case: this ransomware attack forced the hospital to divert patients,â Zaidenberg told The Daily Beast, noting that even an attempted ransomware attack that is thwarted partway through can be more life-threatening than data theft. âIt puts at risk people that are already at risk.â
The news of the cyberattacks comes months into the Biden administrationâs effort to clamp down on ransomware attacks following high profile hacks against meat supplier JBS, Colonial Pipeline, and attacks against thousands of businesses earlier this year. Following warnings from the Biden administration about possible disruptive counterattacks, the hackers behind these Russian-speaking ransomware gangs seemed to retreat in recent weeks, going dark online. Some researchers have suggested theyâve regrouped and banded together under a new name, âBlackMatter,â and according to an anonymous interview with a cybersecurity analyst at security firm Recorded Future this week, the BlackMatter gang promised to not target critical infrastructure, including health-care entities.
Anne Neuberger, the White Houseâs deputy national security adviser for cyber and emerging technology, said Wednesday at an Aspen Security Forum virtual event that this could be a sign that President Joe Bidenâs warnings have worked, to some extent. âWe think weâre seeing a commitment,â Neuberger said, adding she thinks âthe proof will be in the pudding⌠we will look to see the action to follow up on that commitment.â
The White House is waiting for concrete progress and not just empty promises but âthis is a problem thatâs built up over a number of years and itâs not something that will be solved in a moment,â a senior administration official told reporters during a call earlier this month. âIt wonât be turned off like a light switch.â
Experts tracking ransomware in the private sector arenât sure promises to avoid critical infrastructure are a win. Ransomware gangs have been laying out all kinds of morally minded guardrails for years, and then blowing right through them. Last year at the beginning of the coronavirus pandemic multiple ransomware gangs issued statements saying they wouldnât target hospitals or medical entities, but ransomware attacks against hospitals have continued.
Any assurances that one gang is backing off are also worthless if another ransomware gang picks up the slack, according to Brett Callow, a threat analyst for cybersecurity company Emsisoft.
âBlackMatter are cybercriminals and their claims are really quite meaningless,â Callow told The Daily Beast. âAlso, even if they did adhere to their commitment, there are numerous other threat groups which would have no qualms about attacking the health sector.â
Tom Hofmann, senior vice president of intelligence at security firm Flashpoint, told The Daily Beast that a reshuffling of hackers does not necessarily translate into a decrease in ransomware attacks.
âWe haven't seen a slowdown in ransomware,â said Hofmann, whose firm works to negotiate ransoms with ransomware gangs on behalf of victims. âRather, we are seeing the natural rotation of some groups stopping operations, but new groups continue to emerge to fill the void.â
It was not clear which hackers were responsible for the incidents at Eskenazi Health and Sanford Health.
Just three months ago the FBI warned hospitals and health care systems of the Russian-speaking Conti ransomware gangâs campaigns targeting the health sectorânoting it had already run 16 different attacks in just the last year.
The FBI and the Department of Homeland Securityâs cybersecurity agency, the Cybersecurity and Infrastructure Security Agency, did not immediately return requests for comment about the latest incidents.
For now, patients needing emergency care from Eskenazi Health are out of luck. As of Thursday evening, the company was still diverting ambulances and had no estimation for when all services would be back up and running normally.
