The heavy targeting of hospitals by this hacking group, known within the security industry as UNC-1878, has drawn the attention of federal law enforcement agencies and private sector cybersecurity investigators who say these types of attacks, which disrupt normal hospital operations, can lead to loss of life.
The Federal Bureau of Investigation did not immediately respond to a request for comment.
“This appears to have been a coordinated attack designed to disrupt hospitals specifically all around the country,” said Allan Liska, a threat intelligence analyst with U.S. cybersecurity firm Recorded Future.
“While multiple ransomware attacks against healthcare providers each week have been commonplace, this is the first time we have seen six hospitals targeted in the same day by the same ransomware actor.”
In the past, ransomware infections at hospitals have downed patient record keeping databases, which critically store up to date medical information, affecting hospitals’ ability to provide healthcare.
Two of the three consultants familiar with the attacks said the cybercriminals were commonly using a type of ransomware known as “Ryuk,” which locks up a victim’s computer until a payment is received.