Posted on November 10th, 2020 in Cybersecurity

Hospitals across the U.S. are on high alert after multiple U.S. federal agencies issued an emergency warning of an “increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” According to an October 28th report published jointly by the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), and the Department of Health and Human Services (HHS), officials have received “credible information” about a new hacker initiative targeting health facilities with a variety of malware, including ransomware. All this comes on the heels of six confirmed ransomware attacks against hospitals on October 26th and 27th.

As with most ransomware attacks, the motivations are thought to be largely financial. But with the country’s healthcare system already overloaded by the coronavirus pandemic, experts are worried that the cyberattacks could have ripple effects that extend beyond hospitals’ bank accounts. So, what exactly are these attacks? Who’s behind them? And how should healthcare providers respond to stay safe from this kind of security risk?

What We Know About the Cyberattacks

According to the cybersecurity report, the new wave of attacks centers on two well-known malware families: TrickBot and BazarLoader. Usually delivered through standard email phishing attempts, the malware is hidden in malicious links and email attachments. Once a user unwittingly clicks, it is discreetly downloaded and installed onto the computer. From there, both TrickBot and BazarLoader provide cybercriminals with a host of illegal tools to use remotely, not the least of which is deploying the ransomware Ryuk.

Ransomware like this is one of the biggest cybersecurity issues 2020 has seen. Hackers use it to encrypt private data on a victim’s computer or network server. Once the files have been locked, the hacker can demand a ransom under threat of deleting the data, publishing it, or continuing to block access indefinitely. This payment is generally made through Bitcoin or another cryptocurrency, allowing the cybercriminal to collect the money without revealing their identity.

The report does not name a specific criminal or criminal enterprise. But according to cybersecurity firm Mandiant, the culprit is an Eastern European hacking entity known as UNC1878. Mandiant has been tracking the exploits of UNC1878 for months, and said the group is responsible for at least one-fifth of all Ryuk-involved attacks. This includes ransomware attacks on hospital groups in the United Kingdom and France, as well. 

How Could This Impact Healthcare Systems?

In the case of hospitals and healthcare providers, ransomware attacks could mean stealing patient records, payment information, treatment plans, or anything else that providers would need to continue offering adequate care. Clearly, this could lead to lawsuits from patients and providers, especially if their private records are leaked. Beyond that, though, paying the ransom may not even get hospitals their files back. One cybersecurity firm estimates that 25-30% of ransomware hackers don’t come through and decrypt files, or they stay hidden in the system and will strike again at a later date. 

But even beyond these costs is the potential disruption to healthcare providers being able to do their jobs. When these kinds of attacks disable IT systems, care providers are often forced to send patients to other facilities or endure long wait-times as they attempt to process patients manually. Not only is this frustrating and damaging to the reputation of the hospital, it also could mean a lack of care for patients in need of treatment. And with the coronavirus still very much looming, that slow response time or turning away of patients could be deadly.

How Are Cybersecurity Professionals Fighting Off Ransomware Attacks?

Presently, much of the healthcare world is bracing for impact, prompting hospitals to take immediate action by shutting down emails and patient portals, as well as performing emergency backups of their data. But are these steps enough to combat the increasingly advanced tactics and malicious software used by hackers? What about those who have already been hit by a ransomware cyberattack? And who has the best cybersecurity practices?

Rather than trying to fix things on their own, healthcare organizations are best off consulting with cybersecurity firms and professionals. In the case of a ransomware attack that’s already occurred, their first job is stopping the spread of ransomware to other connected computers and networks. They can also trace the infection back to the vulnerable points of entry so that those gaps can be closed against future attacks. But even once cybersecurity professionals have quarantined and removed the malware, they’re faced with the difficult task of repairing or restoring data that’s already been encrypted. This may be possible with the use of advanced decoding software, but truth be told, at this stage the work is often more about damage control. If all else fails, some cybersecurity firms may be willing to negotiate with the hacker on your behalf.

The outlook is far sunnier when cybersecurity professionals have the chance to implement preventative measures. Some important steps to preventing ransomware are:

  • Creating offsite backups of your data that cannot be accessed in a ransomware attack
  • Following the “3-2-1” rule, which calls for three backups on two types of media with at least one stored offline
  • Limiting administrative access, which reduces the amount of critical data available to hackers
  • Implementing AI to monitor for potential ransomware threats
  • Routine patch management and constant updates to security software
  • Training your team on best practices for avoiding phishing and social engineering attempts
  • Developing a competent and thorough cyberattack response plan

Much of this is also recommended by CISA, meaning much more peace of mind for healthcare organizations looking to defend against this and all future ransomware attacks.

Learn to Help in the Fight Against Cyberattacks with Eleven Fifty Academy

Security threats like the ones facing U.S. hospitals don’t just impact the bottom line for a company that falls victim; they have real, measurable effects on patients and others who rely upon IT infrastructure to receive the care they need. Maybe this is why cybersecurity jobs are more in demand now than ever before, with top analysts projecting huge gaps in the future between our growing demand for cybersecurity professionals and those available with the skills needed to fight the good fight.

Ready to explore this exciting career field for yourself? Eleven Fifty Academy can get you equipped to kick off a brand new career in cybersecurity with the new year in just a few short months. Click here to learn more about our FREE Intro to Cybersecurity courses, or schedule a meeting with our admissions specialists to explore your options for a new future in cybersecurity.
