- The Washington Times - Sunday, February 14, 2021

An uptick in ransomware complaints flooded the FBI in the final months of 2020, including a spate of attacks on hospitals, The Washington Times has learned.

In each of the last four months of 2020, the FBI received more than 200 complaints about ransomware, according to data compiled by the FBI’s Internet Crime Complaint Center that was shared with The Times.

Victims’ cash losses more than tripled in 2020 year over year to $29.1 million, according to data collected by the FBI.

The complaints peaked in October with 302 reports of ransomware, which is malicious software that infects a computer system and threatens to publish the victim’s data or block access to it unless a ransom is paid.

The rest of 2020 had just two months with 200 ransomware complaints to the FBI, according to the data, which does not capture unreported ransomware attacks.

The bureau did not track ransomware attacks by industry, but contemporaneous reports show that the health care industry was under siege.

Sky Lakes Medical Center in Oregon was hit with ransomware in October. Spokesman Tom Hottman said he recalled reading about dozens of similar attacks nationwide in the same time frame.

Mr. Hottman said patient care was largely unaffected but electronic medical records functioned at a “slower tempo.”

“The malware was identified as ‘Ryuk,’ which some news organizations have attributed to Russia,” Mr. Hottman said in an email. “In cooperation with enforcement agencies, we identified where the source code was that could have led to a discussion with the attackers, but we elected to not entertain any discussion of ransom, therefore no conversations ever took place, nor was any ransom paid. Also, we identified a limited number of diagnostic imaging procedures which were negatively impacted — i.e., encrypted — by the virus.”

Sky Lakes Medical Center reported that there was no indication that personal health information was compromised or shared. Patients affected by the ransomware’s encryption of their medical imaging files have been offered the opportunity to have a repeat of imaging procedures at no cost.

Last month, the Greater Baltimore Medical Center disclosed that it was hit with a cyberattack in December that The Baltimore Sun identified as a result of ransomware.

The hospital did not respond to requests for comment and has not disclosed details of the attack.

Ransomware attacks are proving more successful and growing more sophisticated, said Brett Callow, threat analyst at software company Emsisoft.

He said those behind ransomware attacks once just encrypted the data but now also try to steal it as extra leverage to profit from their crimes.

“These are no longer expensive and disruptive inconveniences. They can seriously damage health care in terms of their reputations and bottom lines,” Mr. Callow said.

The attacks could affect life-or-death decisions for patients.

Mr. Callow pointed to the experience of a German patient whose ambulance was redirected to a different hospital because the first option was undergoing a cyberattack. The patient, a woman, died shortly after receiving treatment at the second hospital, according to Wired, but prosecutors decided against pursuing the hourlong delay in treatment as contributing to her death.

Ransomware attacks represent one component of a multitude of regular threats to the nation’s critical infrastructure. Although infrastructure often conjures images of railways, runways and roadways in need of repair, it also includes digital systems and computer networks that undergird the information superhighway.

A cyberbreach of a water treatment plant in Oldsmar, Florida, was likely the result of poor password security and an outdated operating system, according to federal officials. A plant operator quickly prevented the hacker from changing the drinking water’s level of sodium hydroxide, also known as liquid drain ingredient lye, from 100 parts per million to 11,100 parts per million.

Investigators have yet to identify a suspect.

Security experts say the attempted attack on the 15,000 residents of the town just outside Tampa is not unique.

“While I don’t think that this is a big deal in the sense that, ‘Oh, some scary foreign government is trying to poison the poor people of a small town in suburban Tampa,’ I do think that this is noticeable and maybe a valuable item in that it highlights just how we as a society have underinvested in certain elements of critical infrastructure operations and the resulting security of those operations,” said Joe Slowik, DomainTools security researcher.

Don’t be surprised to see water bills go up as organizations try to limit exposure to similar attacks, Mr. Slowik said.

• Ryan Lovelace can be reached at rlovelace@washingtontimes.com.

Copyright © 2022 The Washington Times, LLC. Click here for reprint permission.

Please read our comment policy before commenting.

Click to Read More and View Comments

Click to Hide