The Age of Ransomware


Universal Health Services Becomes Latest Ransomware Victim

Universal Health Services (UHS) has become the latest victim in a string of cyberattacks on hospitals this year. The healthcare services provider operates 328 Behavioral Health inpatient facilities, 42 outpatient facilities, 26 Acute Care Hospitals, and several ambulatory care centers across the United States and the United Kingdom. Over the last weekend of September it was left crippled by the Ryuk ransomware, with doctors and nurses resorting to paper and pen.

Who is behind the UHS cyberattack?

Employees working at UHS hospitals reported that files became corrupted and had the .ryk extension in their names. This extension is associated with the notorious Ryuk ransomware.

Justin Heard, Director of Security, Intelligence and Analytics at Nuspire, says, “Ryuk ransomware is run by a group called Wizard Spider, which is known as the Russia-based operator of the Trickbot banking malware.” Heard goes on to note that Ryuk was in the past used mostly to attack financial services but has since changed course to target other sectors.

Last year, the malware hobbled several oil and gas facilities across the country. The US Coast Guard also expressly named it as the culprit behind a ransomware attack that took place at a Maritime Transportation Security Act-regulated facility in 2019.

How Ryuk ransomware entered UHS networks

Hospitals and healthcare centers are fully aware of the dangers posed by cybercriminals. With 82% of medical institutions citing digital security as their chief concern and over half having suffered at least one cyberattack in 2019, strict measures have been adopted by most to try and mitigate risk.

Despite these efforts, ransomware like Ryuk always gets in through basic vulnerabilities, and in the case of the UHS cyberattack, the entry point was spam mail. Once in the system, the malware spread to IoT devices such as hospital phones and radiology equipment.

The worrying surge in healthcare institution ransomware attacks

The UHS cyberattack isn’t the first of its kind. Earlier in the year, the 25-bed Rangely District Hospital lost records going back to 2012 in a ransomware attack. Again, the attacker was a foreign threat actor that managed to penetrate and gain access to internal IT infrastructure.

In Germany, a woman died in September and became the first fatal casualty of a ransomware attack on a hospital. While many hospitals keep patient records on paper, medication systems, lab reports, and accompanying medical charts are mostly kept online, and losing access to them can be devastating for critical patients. So what are healthcare institutions to do?

Mitigate cyberattacks with next-generation solutions

Cybeta’s predictive and pre-emptive cybersecurity solutions have been developed by U.S. intelligence-trained experts and can assist you in reducing risk. Contact us to discuss solutions that can help you strengthen your defense strategy.