2020 is not over. The latest news is that there have been cyberattacks on computer systems at some US hospitals. Aside from the clear concerns about healthcare for those in the hospital, this and other recent cyberattacks have raised concerns about broader societal disruption as Election Day approaches. In fact, it appears that if the cyberattackers are causing chaos in a few hospitals, they could also do so in hundreds more.
In the video above, Rachel Maddow points out that the FBI, the Homeland Security Department’s Cybersecurity Infrastructure Security Agency (CISA), and the Department of Health and Human Services (HHS) are involved in trying to solve the issue. An advisory put out by the agencies pointed out the tactics, techniques, and procedures that are being used by cybercriminals against targets in the healthcare and public health (HPH) sector. The cyberattackers aim to infest computer systems with Ryuk ransomware for financial gain.
“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers. CISA, FBI, and HHS assess malicious cyber actors are targeting the HPH Sector with Trickbot and BazarLoader malware, often leading to ransomware attacks, data theft, and the disruption of healthcare services.”
In another report that Maddow showed, attacks have shut down some procedures at Sky Lakes Medical Center in Klamath Falls, Oregon. Tom Hottman, a spokesman, noted that the hospital is unable to offer cancer treatments that are computer-controlled and that the attack impacted diagnostic imaging as well. The medical staff has turned to paper for patient records since the electronic system is offline.
Another hospital mentioned in the video is Sonoma Valley Hospital in California, which is still trying to restore its computer systems after an intrusion last week. And NBC News reported on a wave of ransomware attacks that have infected more hospitals than previously known. In Vermont, a University of Vermont network with locations in New York is analyzing what looks like a ransomware attack from the same cybercrime gang. Maddow pointed out that these hackers are believed to be based in Moscow and St. Petersburg, Russia, and have been trading a list of more than 400 hospitals they plan to target.
“The cybersecurity people are kinda freaking out about this,” Maddow said in the video. She also pointed out that the Associated Press stated: “This offensive by the Russian-speaking criminal gang coincides with the U.S. presidential election. Although, there is no immediate indication they were motivated by anything but profit.” Someone is paying money for screwing with our hospitals, though, and perhaps more than that.
Cyberattacks In Louisiana May Have Shut My Power Off Last Week
Last Saturday, around 9:00 in the morning, my power went off. So did the power of my entire block. I’ve been told by several neighbors that we are on the hospital grid, and they’ve always insisted this is why we got our power back so quickly after Delta stormed thru and after similar events.
When I called Entergy to report the outage, I got an error message telling me that Entergy was closed until Monday and to try back then. When I reported it using the automatic system, I got hung up on. When I used their texting system, where you text OUT to a number, I got the confirmation requesting me to reply Y to confirm. When I did, I got an error message from Entergy saying that my request couldn’t be understood. I later found out that the day before all of this happened, the National Guard was called into my state to thwart cyberattacks on some government offices.
Investigators found a tool used by the hackers in the Louisiana incidents. This tool was previously linked to a group associated with the North Korean government. The tool is a remote access trojan (or RAT) that is used to infiltrate computer networks. This RAT, known as KimJongRat, has some of its code publicized in a computer virus repository where hackers can copy it, according to cybersecurity analysts who examined it.
Tyler Brey, a spokesman for the LA Secretary of State’s office, said that our state is a “top-down state.” This means that election data is centrally stored at the secretary of state’s office, and this makes it easier for election officials to recover from cyberattacks. Jen Miller-Osborn, Deputy Director of Threat Intelligence—Unit 42 at Palo Alto Networks, noted that the company tracked a hacking group last year that used KimJongRat.
She said that it would be “atypical” for the group she’s studied to use the tool for financial gain. Emotet, a common trojan used against banks, was also deployed by the attackers and found on computers here in Louisiana. When the staff was hacked, their email accounts would sometimes be used by the hackers to send malware to other colleagues. On October 6, CISA published an alert saying Emotet was being used to target local government offices across the country.
It’s bad enough that Louisiana has been hit with several hurricanes that devastated homes and knocked out power for a least a month in Lake Charles. New cases of the coronavirus are on the rise, hitting new daily records, but people just don’t give a damn. The attitude here is “whatever.” Uber drivers, taxi drivers, people at the grocery store, people working in the post office — all of these people do not wear masks here in Louisiana and believe that it’s a hoax.
Then you add in cyberattacks to this, and again who is paying attention? I was pretty upset with Entergy until I realized there were cyberattacks here. But if I am on the hospital’s grid and it was a cyberattack that made the power go out and didn’t even let me report it, that is pretty worrisome. When we finally did get in touch with Entergy by calling 311, which hung up on us a few times before we got a nice person, the Entergy rep sounded like he was in bed and said that he would file our request later.
I took over the phone call from my neighbor, who is just too nice, and snapped. “Our power has been off since this morning and it is now 4 pm and you’re going to file the request later? Are you high?” It was hot outside that day — and we get cranky when the air conditioner is off and there’s no coffee. He woke up then and asked us why we didn’t report it earlier. I explained that the reporting system was down. Seriously, what is going on in this country?