FBI probes string of recent ransomware attacks on U.S. hospitals

By Christopher Bing

WASHINGTON, Oct 28 (Reuters) - The FBI is investigating the recent targeting with ransomware of more than two dozen hospitals across the United States by a sophisticated eastern European group, with a new wave of attacks in Oregon, California and New York just this week, according to three cybersecurity consultants familiar with the matter.

The heavy targeting of hospitals by this hacking group, known within the security industry as UNC-1878, has drawn the attention of federal law enforcement agencies and private sector cybersecurity investigators who say these types of attacks, which disrupt normal hospital operations, can lead to loss of life.

The Federal Bureau of Investigation did not immediately respond to a request for comment.

“This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country,” said Allan Liska, a threat intelligence analyst with U.S. cybersecurity firm Recorded Future.

“While multiple ransomware attacks against healthcare providers each week have been commonplace, this is the first time we have seen six hospitals targeted in the same day by the same ransomware actor.”

In the past, ransomware infections at hospitals have downed patient record keeping databases, which critically store up to date medical information, affecting hospitals’ ability to provide healthcare.

Two of the three consultants familiar with the attacks said the cybercriminals were commonly using a type of ransomware known as “Ryuk,” which locks up a victim's computer until a payment is received. (Reporting by Christopher Bing; Editing by David Gregorio)