Why North Korea Ransomware Attacks Target U.S. Health Care Providers
The U.S Department of Justice (DOJ) announced this week that around $500,000 in Bitcoin
The attacks caused extensive disruption to IT systems and medical services and put patient safety at risk. The new ransomware variant was discovered during an investigation of a ransomware attack on a hospital in Kansas in May 2021. The Kansas provider had alerted the FBI when the ransomware occurred. As a result, the FBI was able to observe a $120,000 bitcoin payment into one of the seized accounts that was separately being paid by the health care provider in Colorado.
The attack was traced to a North Korean hacking group that is suspected of receiving backing from the DPRK. The Kansas hospital had its servers encrypted, preventing access to essential IT systems for more than a week. The hospital paid a ransom of $100,000 for the keys to decrypt files and regain access to its servers and promptly.
“Thanks to rapid reporting and cooperation from a victim, the FBI and Justice Department prosecutors have disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui,’” said Deputy Attorney General Lisa O. Monaco today at the International Conference on Cyber Security. The Treasury, FBI, and the Cybersecurity and Infrastructure Security Agency (CISA) released a joint alert on July 6 regarding Maui and the targeting of health care providers.
While Ransomware Is A New Phenomenon, Healthcare Organizations Are Most Vulnerable
The number of ransomware attacks on healthcare organizations increased 94% from 2021 to 2022, according to a report from the cybersecurity firm Sophos. This may interest you : Kron Telekomünikasyon Hizmetleri : The Most Common Types of Cyber Attacks in 2021. More than two-thirds of healthcare organizations in the US said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020.
In October 2020, the FBI, CISA, and the U.S. Department of Health and Human Services had issued a joint alert that stated there was, “…credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”
In a section of CISA’s website, the organization explains part of the problem. “Health information technology provides critical life-saving functions and consists of connected, networked systems that leverages wireless technologies, which in turn leave such systems more vulnerable to cyber-attacks,” states CISA on the vulnerabilities to healthcare and the public sector.
Targeting health care providers also is motivated to expose sensitive patient information and lead to substantial financial costs to regain control of hospital systems and patient data. According to Experian, health care data is extremely lucrative with records going for $1,000 per record, which is substantially greater than credit card reports that go for $5 to $10 a piece on the dark market.
The combination of high-dollar rewards for breaching a U.S. hospital’s data records along with temporarily shutting down the technical services until a Bitcoin ransom is paid is an outright attack on American citizens while they are in need of healthcare services. The cost of this to our society is alarming and requires innovation as well as investment from the public sector to kickstart ways to solve this ongoing issue.