Hackers are going after U.S. hospitals with a fresh wave of cyberattacks this week just as coronavirus cases surge around the country.
Eskenazi Health, a health-care service provider that operates a 315-bed hospital, inpatient facilities, and community health centers throughout Indianapolis, was crippled by a ransomware attack that began between 3:30 and 4 a.m. Wednesday morning, a spokesperson told The Daily Beast.
By 8 a.m. Eskenazi Health was turning ambulances away and diverting patients to other hospitals as a result of the ransomware incident, the spokesperson said.
“A ransomware attack happened,” an Eskenazi spokesperson told The Daily Beast, confirming that all of Eskenazi Health’s locations—its hospital, its inpatient facilities, and its community health centers—are impacted. The spokesperson added that Eskenazi Health was working to contain the ransomware by shutting down some services and operations in order to try to keep the malware from spreading through its systems.
“They took all of our systems down so they wouldn’t get breached,” the spokesperson said, confirming email systems and electronic medical records were still down as of Thursday evening.
Eskenazi Health is not alone. Sanford Health, a Sioux Falls, South Dakota-headquartered health system which includes 46 hospitals and care locations in 26 states and 10 countries, said in a statement Thursday it had been hit with a cyberattack in recent days as well. Sanford Health did not confirm whether it was the victim of ransomware, but president and CEO Bill Gassen confirmed to The Daily Beast it was working to “contain” the impact.
In both the Sanford Health and Eskenazi Health cases, patient data and employee data were not affected, officials said.
But while the hospitals may have stopped the attacks in their tracks, people who are seeking care could still be feeling the real-world effects, says Ohad Zaidenberg, the president and co-founder of CTI League, a consortium of volunteer cybersecurity researchers established during the pandemic to help medical entities deal with the increase in cyberattacks in the health sector.
And while some ransomware attacks can result in theft of data and headaches for patients and hospitals trying to keep their sensitive information private, ransomware attacks against hospitals—especially during the COVID-19 pandemic, when patients need life-saving urgent medical care—are some of the cruelest hacks, Zaidenberg says.
At least one death following a recent ransomware attack against a hospital—Düsseldorf University Hospital in Germany—has raised questions in recent months about whether ransomware could directly or indirectly lead to fatalities. And while police determined after an investigation that the cyberattack did not cause the person’s death, the Eskenazi incident is raising the same life-or-death questions, says Zaidenberg.
“Here we have another case: this ransomware attack forced the hospital to divert patients,” Zaidenberg told The Daily Beast, noting that even an attempted ransomware attack that is thwarted partway through can be more life-threatening than data theft. “It puts at risk people that are already at risk.”
The news of the cyberattacks comes months into the Biden administration’s effort to clamp down on ransomware attacks following high profile hacks against meat supplier JBS, Colonial Pipeline, and attacks against thousands of businesses earlier this year. Following warnings from the Biden administration about possible disruptive counterattacks, the hackers behind these Russian-speaking ransomware gangs seemed to retreat in recent weeks, going dark online. Some researchers have suggested they’ve regrouped and banded together under a new name, “BlackMatter,” and according to an anonymous interview with a cybersecurity analyst at security firm Recorded Future this week, the BlackMatter gang promised to not target critical infrastructure, including health-care entities.
Anne Neuberger, the White House’s deputy national security adviser for cyber and emerging technology, said Wednesday at an Aspen Security Forum virtual event that this could be a sign that President Joe Biden’s warnings have worked, to some extent. “We think we’re seeing a commitment,” Neuberger said, adding she thinks “the proof will be in the pudding… we will look to see the action to follow up on that commitment.”
The White House is waiting for concrete progress and not just empty promises but “this is a problem that’s built up over a number of years and it’s not something that will be solved in a moment,” a senior administration official told reporters during a call earlier this month. “It won’t be turned off like a light switch.”
Experts tracking ransomware in the private sector aren’t sure promises to avoid critical infrastructure are a win. Ransomware gangs have been laying out all kinds of morally minded guardrails for years, and then blowing right through them. Last year at the beginning of the coronavirus pandemic multiple ransomware gangs issued statements saying they wouldn’t target hospitals or medical entities, but ransomware attacks against hospitals have continued.
Any assurances that one gang is backing off are also worthless if another ransomware gang picks up the slack, according to Brett Callow, a threat analyst for cybersecurity company Emsisoft.
“BlackMatter are cybercriminals and their claims are really quite meaningless,” Callow told The Daily Beast. “Also, even if they did adhere to their commitment, there are numerous other threat groups which would have no qualms about attacking the health sector.”
Tom Hofmann, senior vice president of intelligence at security firm Flashpoint, told The Daily Beast that a reshuffling of hackers does not necessarily translate into a decrease in ransomware attacks.
“We haven't seen a slowdown in ransomware,” said Hofmann, whose firm works to negotiate ransoms with ransomware gangs on behalf of victims. “Rather, we are seeing the natural rotation of some groups stopping operations, but new groups continue to emerge to fill the void.”
It was not clear which hackers were responsible for the incidents at Eskenazi Health and Sanford Health.
Just three months ago the FBI warned hospitals and health care systems of the Russian-speaking Conti ransomware gang’s campaigns targeting the health sector—noting it had already run 16 different attacks in just the last year.
The FBI and the Department of Homeland Security’s cybersecurity agency, the Cybersecurity and Infrastructure Security Agency, did not immediately return requests for comment about the latest incidents.
For now, patients needing emergency care from Eskenazi Health are out of luck. As of Thursday evening, the company was still diverting ambulances and had no estimation for when all services would be back up and running normally.