Pierluigi Paganini
October 30, 2020
Ryuk ransomware operators continue the target the US healthcare industry, the last victims in order of time are the Wyckoff Heights Medical Center in Brooklyn and the University of Vermont Health Network.
The news of the attack comes a few hours after The FBI, the DHS’s Cybersecurity and Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) have issued a joint alert to warn hospitals and healthcare providers of imminent ransomware attacks from Russia.
This security advisory describes the tactics, techniques, and procedures (TTPs) associated with cyber criminals that could target organizations in the Healthcare and Public Health Sector (HPH) to infect systems with Ryuk ransomware.
The government agencies receive information about imminent attacks, threat actors are using the TrickBot botnet to deliver the infamous ransomware to the infected systems.
This week, the systems at Sky Lakes Medical Center in Oregon and St. Lawrence Health System in New York were infected with the Ryuk ransomware. In September, the Ryuk ransomware gang hit Universal Health Services, one of the largest hospital and healthcare services providers, forcing the company to shut down systems at healthcare facilities in the United States. The incident impacted over 200 medical facilities nationwide.
The news of the Ryuk ransomware attack at the Wycoff hospital was first published by Bleeping Computer that was informed by an employee of the organization.
Wyckoff Heights Medical Center is a 350-bed teaching hospital located in an ethnically diverse residential neighborhood directly on the border of northern Brooklyn and Western Queens, NY.
Wyckoff Hospital shut down portions of its network as part of the incident response procedure.
At the time of publishing this post, it is not known the extent of the incident and the impact on the operations of the hospitals.
University of Vermont Health Network also disclosed a similar cyber attack, the organization is working with the FBI and the Vermont Department of Public Safety on the investigation.
“People who are in urgent need of care are getting it and most appointments are happening,” Dr. Stephen Leffler, president of the University of Vermont Medical Center in Burlington, said at a news conference late Thursday outside the hospital. “Most surgeries will happen tomorrow. We did slow some down today as were switching systems.”
The ransomware attack has caused variable impacts at each of our affiliates, the family of ransomware involved in the attack is yet to be revealed.
“The attack has caused variable impacts at each of our affiliates. Staff are continuing to follow well-practiced standby procedures to ensure safe patient care. We understand the difficulty this causes for our patients and the community and apologize for the impact. There have been some changes to patient appointments and we are attempting to reach those patients who have been affected. We will continue to provide systems and patient service updates when they are available,” read a statement from the University of Vermont Health Network.
According to researchers at CheckPoint, Healthcare is the most targeted industry, by ransomware, in the US in October. Ransomware attacks against the US healthcare sector increased by 71%, experts also reported an increase of 33% in APAC and 36% in EMEA.
| [adrotate banner=”9″] | [adrotate banner=”12″] |
(SecurityAffairs – hacking, ransomware)
[adrotate banner=”5″]
[adrotate banner=”13″]
