Crooks are using phishing emails to install ransomware on hospital systems and extort payment.
Hospitals and healthcare facilities across the globe are overwhelmed by the COVID-19 crisis. Staff are working overtime under extremely stressful conditions, facilities are filled to capacity, and resources are spread thin. These are the conditions in which people whose devices connect to the hospital’s integrated computer system start to slip up, opening the door to attack.
At the beginning of April 2020, INTERPOL issued a warning to the international Cybercrime Threat Response team, a collaboration of 194 member countries to combat cybercrime. It warned of the heightened threat of ransomware attacks that hospitals and healthcare facilities face during the COVID-19 crisis, both because facilities are overwhelmed and because crooks have ramped up their attacks specifically to extort hospitals. INTERPOL explained that “locking hospitals out of their critical systems will not only delay the swift medical response required during these unprecedented times, it could directly lead to deaths.”
The ransomware strains Ryuk and Netwalker have been actively used to attack hospitals around the world. While administrators of the strains DoppelPaymer and Maze claimed they would not attack hospitals during the coronavirus crisis, a research facility in London was attacked with Maze ransomware.
Crooks use phishing emails that claim to come from trusted government sources and to carry guidance or information about COVID-19. These emails contain malicious links and attachments that, if clicked or opened, install ransomware that infects and locks down a hospital’s system. This holds the entire hospital hostage during a crisis, forcing hospitals to pay to save the lives of their patients and staff.
Since these ransomware attacks arrive through phishing emails, it is more important than ever to review and stick to online safety protocols. Make sure anti-virus software is up to date, installed on all systems and devices, and running all the time. Maintain strong passwords that are updated regularly. Always double-check the sender’s address on emails containing links or attachments, and only click through when the source is trusted. If you are not sure, err on the side of caution and check with the alleged sender. If you receive an unexpected email, or an email from an unknown sender, that contains links or attachments, do not click the links or open the attachments.
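A mail administrator can automate the sender check described above. The following is an added example, not taken from the original article: it parses a message, compares the sender's domain with an allow-list, and holds anything from an unlisted sender that carries links or attachments. The allow-list, keyword list, function name and all `.example` domains are assumptions made for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Assumption: the facility keeps an allow-list of domains it really gets guidance from.
TRUSTED_DOMAINS = {"health.gov.example"}
# Assumption: words that mark a message as claiming to be official COVID-19 guidance.
AUTHORITY = re.compile(r"\b(ministry|government|health|covid)", re.I)
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def triage(raw):
    """Return the facts a reviewer needs and whether to hold the message."""
    msg = message_from_string(raw, policy=policy.default)
    display, addr = parseaddr(str(msg.get("From", "")))
    domain = addr.rpartition("@")[2].lower()
    # Exact match or a true subdomain only; a lookalike such as health-gov.example fails.
    trusted = any(domain == d or domain.endswith("." + d) for d in TRUSTED_DOMAINS)
    links, attachments = [], []
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename():
            attachments.append(part.get_filename())
        elif part.get_content_maintype() == "text":
            links += URL.findall(part.get_content())
    claims = bool(AUTHORITY.search(display + " " + str(msg.get("Subject", ""))))
    return {
        "sender_domain": domain,
        "claims_authority": claims,
        "links": links,
        "attachments": attachments,
        # Hold anything with a link or attachment whose sender is not on the allow-list.
        "hold": not trusted and bool(links or attachments),
    }

# Constructed sample messages (not real traffic).
LOOKALIKE = """\
From: "Ministry of Health COVID-19 Desk" <guidance@health-gov.example>
To: ward-admin@hospital.example
Subject: Updated COVID-19 guidance for staff
Content-Type: text/plain; charset=utf-8

Read the new protocol: http://health-gov.example/guidance.doc
"""
GENUINE = LOOKALIKE.replace("health-gov.example", "mail.health.gov.example")

if __name__ == "__main__":
    for name, raw in (("lookalike", LOOKALIKE), ("genuine", GENUINE)):
        print(name, triage(raw))
```

The `From` header can be forged, so a check like this complements SPF, DKIM and DMARC enforcement at the mail gateway rather than replacing it.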
Hospitals should back up all essential files often and store the backups on a system separate from their main system. In case of attack, the hospital or healthcare facility will still have access to the vital information needed to continue operations while taking steps to deal with the ransomware.