LOUISVILLE, Ky. (WDRB) -- Hospitals all around the U.S. are being warned about a scheme to hack computer systems and hold data hostage for money.
The FBI and two other federal agencies sent out alerts related to the threats Wednesday night. The alert warns that there is "credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers."
The primary means of a hack would be ransomware, according to the alert. The attack would essentially create a "hostage" situation for hospitals in which hackers would take control of data and not release it until a ransom is paid.
"Hackers get access to your computer, take all your data and encrypt it, making it useless to you," said Roman Yampolskiy, an associate professor of computer science at the University of Louisville. "It just becomes a pile of garbage."
There has been no indication that any of the largest health care providers in the Louisville area have been targeted by ransomware attacks. Nonetheless, FBI Louisville's "Cyber Squad Supervisor is checking in with them" on Thursday, an FBI spokesperson told WDRB News.
Over the past several months, hospitals in New York, Nebraska, Ohio, Missouri and Michigan have all been attacked by some form of ransomware hack.
A Trump administration official told CNN that several hospitals have been hacked this week. The federal government is investigating the attacks, the official told CNN.
Meanwhile, representatives of Louisville's health care providers issued the following statements about the steps they are taking to avoid becoming victims:
"Baptist Health has invested heavily in technology and cybersecurity, keeping pace with industry standards. We take threats like this very seriously. Our experienced IT and Cybersecurity teams are vigilant, and prepare for situations such as this. While no health system today is ever immune to IT disruptions, Baptist Health is confident in the competence and readiness of its team and the sophistication of its technology. Our priority is the safety of our patients, and we have backup systems in place to minimize any potential disruptions to care."
Michael Erickson, chief information security officer for Baptist Health
"The UofL Health cybersecurity team is currently monitoring recently reported security threats in collaboration with our local, state and federal resources/partners. We have educated our front line staff to be aware of malicious emails and encourage patients be vigilant as well. If you receive a suspicious email, representing itself as coming from UofL Health, you should contact your doctorās office to verify before opening. UofL Health will never ask for credentials or log on information as a part of messaging to our patients."
ā Carolyn Callahan, spokeswoman for University of Louisville Health
"Protecting health information is a priority for everyone at in our organization. Our information services security team works diligently to stay on top of the latest cyber threats so that we can enhance our security posture as necessary. Likewise, we talk with employees about the importance of IT security, reminding them of the steps they can take to help protect information. This includes guarding passwords, not opening suspicious email attachments and not giving out personal information."
ā Norton Healthcare
The effort to hack and extort hospitals is being coordinated by a Russian-speaking gang that has been on the radar of federal authorities since 2016, according to the federal alert.
In 2019, Park Duvalle health center paid ransomware attackers $70,000 to release data. The nonprofit, which runs medical clinics for low-income and uninsured patients in west Louisville, lost control of data for 20,000 patients including appointments, past medical history, medication needs and more for two months. It resulted in the clinics having to rely on patients' memories and document using pencil and paper.
The attack on Park Duvalle health center does not appear to be related to the latest effort.
"It could be very bad," Yampolskiy said of an attack on a medical provider. "Very dangerous. It forces them to go back to pen and paper approach."
The worries are compounded by the fact that hospitals are seeing an influx of COVID-19 patients as cases of the respiratory illness surge.
Related Stories:Ā
Copyright 2020 WDRB Media. All Rights Reserved.
