Cybercriminals are knowingly targeting hospitals in an escalation of ransomware attacks. US hospitals are unprepared for the threats and often pay ransoms, leaving them vulnerable.

Theyre knowingly targeting hospitals
Photo by David S. Holloway/Getty Images
United States hospitals were targeted by two major cybersecurity attacks this fall: the first taking down Universal Health Services, a chain of hundreds of hospitals, and the second by a group called UNC1878 threatening hundreds of individual health care facilities all around the country. Targeting health care institutions directly marks a new approach for cybercriminals.
We havent seen an incident of magnitude that actually has the potential to harm people, literally all the way up to the point of death, says Caleb Barlow, CEO of cybersecurity consulting firm CynergisTek. It crosses a line that I think the entire cybersecurity community just didnt think was going to get crossed anytime soon.
Many large-scale cyberattacks on hospitals over the past few years have been incidental. A piece of ransomware is sent out generally and happens to get into a hospital. Thats what happened to the United Kingdoms National Health Service (NHS) in the spring of 2017 when the WannaCry cyberattack hit organizations worldwide. But the latest two attacks were intentionally made on hospitals. Theyre an appealing target during the COVID-19 pandemic because theyre so essential. Institutions cant afford to be offline while they try to extricate themselves from ransomware, says Alan Woodward, a computer security expert and professor at the University of Surrey in the United Kingdom.
Theyre also targeted because some have paid a ransom to get their systems unlocked, he says. Theres been quite a few high profile cases where people have paid, Woodward says. Whereas, if you ask any law enforcement agency, they will say, please dont pay. Youll paint a target on your back.
Some cybercrime groups pledged not to target hospitals during the COVID-19 pandemic, but attacks on health care facilities doubled in the second half of the year. Most health care institutions are unprepared for cyberattacks, and the pandemic could make things worse, Barlow says. They are financially strapped because of that pandemic, he says. You have a perfect storm: ransomware has been hitting Americas hospitals heavily over the last few years, and almost always, they pay. You have a victim here that is weak, and if you attack them, youve got a high probability that youre going to get paid.
Thankfully, the two major attacks this fall werent as devastating as they could have been. The electronic health records at United Health Services werent directly affected, and the system was able to get back up and running in a few weeks. The second threat, from UNC1878, was flagged by federal agencies early enough for many hospitals to prepare. Advance warning may have bought many health care centers enough time to harden their defenses by blocking phishing emails associated with the attack and searching their systems for dormant, malicious files. Hundreds of hospitals were at risk, and these actions may have helped most avoid falling victim to the ransomware.Theyre not nearly out of the woods, and the attack took down the computer systems ofat least 20 facilities already, but the scale of the disruption could have been much larger.
I hope that what will happen is that people will be prepared, and the warnings will be enough, Woodward says.
Thats one difference from the WannaCry cyberattack to the NHS. That attack shut down 80 hospitals across the system, forcing them to divert patients and reschedule regular care. The system had some warning, but it didnt respond quickly enough.
Barlow says that since the warning was posted, hes spent all day, every day in conversations with leadership at various hospitals around the US, helping them make sure theyre ready to ward off attacks. He thinks, so far, facilities taking those steps have been in good shape. Those investments will also help prepare them for the future: even if the current threat fades, he says, others will pop up.
During the pandemic, hospitals will stay a target, Woodward says. The threat will continue to exist, and the danger will be that people will drop their guard, and theyll be back, he says.
For cybersecurity experts, another next step is figuring out why cybercriminals are more aggressively targeting hospitals, with actions that could be deadly. There are dozens of theories floating around, Barlow says but no direct evidence for any of them. Were all trying to figure out the same questions youre asking: Why has the atmosphere changed? And what is their endgame?

Cookie	Duration	Description
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.