Colorado Hospital Hit by Ransomware as COVID-19 Continues


2020-04-27 /

Despite the ongoing COVID-19 pandemic, the healthcare sector faces an ongoing surge of hack attacks that too often disrupt systems and patient care. Among the latest victims is a hospital in Pueblo, Colorado, which is still recovering from an apparent crypto-locking malware attack.
Parkview Medical Center was hit with a ransomware attack on April 21, according to Fox 21 News. As of Monday, the hospital's website still displayed a message saying it was "currently experiencing a network outage."
A Parkview employee told Fox 21 News that the attack involved ransomware rendering the hospitals' patient records systems inoperable.
In a statement provided to Information Security Media Group on Monday, Parkview says that a hack attack, which it declined to explain further, resulted in an outage of a number of its IT systems.
"Our investigation is ongoing at this time, and we will provide updates as more information is verified by the forensics team," the statement says. "While our medical staff continue to work around the clock in response to the ongoing global pandemic, we are doing everything in our power to bring our systems back online as quickly and securely as possible."
Other Incidents
Here's a rundown of other recent online attacks against the healthcare sector:
• The FBI says it has seen an increase in nation-state hackers targeting U.S. medical research facilities and healthcare organizations conducting research into COVID-19 (see FBI: Hackers Targeting U.S. COVID-10 Research Facilities);
• The World Health Organization has reported that the number of hack attacks targeting the organization since the pandemic began is five times the amount the organization saw during the same time period in 2019 (see: WHO Reports Dramatic Increase in Cyberattacks);
• The Department of Health and Human Services, which oversees the Centers for Disease Control and Prevention, has also been hit by a surge in hack attack attempts, some apparently from Russia and China, according to CNN.

Attempted Attacks

The Health Information Sharing and Analysis Center says its members are also seeing a spike in hack attacks, says Errol Weiss, its chief security officer.
"While some of the Health-ISAC members are reporting an increase in the number of attacks attempts they are seeing, there is not a corresponding increase of attacks succeeding," he tells ISMG.
"Members reported a 30 percent increase last month in the number of COVID-19-themed phishing sites and lures detected. While we're also reading those media articles and warnings from the FBI, we just don't see a major increase in victim breaches or successful exploitation."
Earlier this month, the U.K. National Cyber Security Center and the U.S. Cybersecurity Infrastructure and Security Agency issued a joint warning that hacking groups associated with nation-state governments are exploiting the COVID-19 pandemic (see: UK and US Security Agencies Sound COVID-19 Threat Alert).
And the Czech Republic earlier this month warned of an increasing number of cyber incidents that have targeted medical facilities, according to Reuters.
Persistent Threats
"Healthcare organizations are under constant attack on the network perimeter with bad actors probing for vulnerabilities," says Rich Curtiss, director of healthcare risk assurance services at security consulting firm Coalfire.
"Ransomware has been a constant threat through phishing campaigns and malicious websites. It appears that rather than a surge in cyberattacks, there has been a shift in the attack vector," he notes.
With most of the non-clinical workforce working from home, plus a surge in telehealth, securing remote access has become more challenging, he says.
"Many, if not most, organizations are ill-prepared for a significant portion of their workforce to be quarantined and working from home," he says.
"Business continuity and disaster recovery plans are insufficient for this crisis. The work-from-home attack vector is being exploited, and organizations without multi-factor authentication, properly configured virtual private networks, patched secure access gateways, robust network configurations and proper training on work-from-home processes are the most vulnerable."
Warnings and Reminders
Weiss of H-ISAC says his organization continues to warn its members about ongoing cyberthreats.
"We're also working closely with several volunteer information security research and cyberthreat intelligence groups and sharing intelligence we derive from those sources," he says. Those organizations include the COVID-19 CTI League and the COVID-19 Cyber Threat Coalition.