Cybercriminals could soon paralyse the US healthcare system with a ransomware attack, which has already hit five hospitals and four other facilities, the FBI has warned.
In an alert on Wednesday, the FBI said it had credible evidence of an “increased and imminent cybercrime threat” to healthcare providers nationwide.
They warned the fraudsters behind the ransomware, which is called Ryuk, want to steal data and disrupt healthcare services.
They do this by scrambling their victims’ data, making it impossible to understand, then demanding money to decode it again, the alert from the FBI, Department of Homeland Security and Department of Health and Human Services said.
The attack, which has already affected five hospitals this week, as well as four other healthcare institutions, could spread further in the coming days, they added.
It coincides with a nationwide rise in coronavirus cases and the US election on 3 November.
But there is currently no evidence the cybercriminals have any political motive, the alert stressed.
Previous ransomware attacks have resulted in ambulances being diverted to different hospitals and medics left to keep track of patient care with just pen and paper.
One in Dusseldorf, Germany, in September, resulted in a critically-ill patient being rerouted to another hospital in the city, which ultimately led to their death.
So far the current US attack has not seen any care compromised.
But Charles Carmakal, chief technical officer of security firm Mandiant, says the cyber threat could be the “most significant” the US has ever seen.
He warned criminals are “deliberately targeting and disrupting US hospitals, forcing them to divert patients to other healthcare providers” and producing prolonged delays in critical care.
So far this year 59 US healthcare providers or systems have been impacted by ransomware, which has resulted in care at 510 facilities being compromised, cybersecurity analysts at Emisisoft added.