Search This Blog

Showing posts with label Healthcare. Show all posts

Ryuk Ransomware Attacks Union Health Services, Disrupts Hospitals Nationwide



Universal Health Services (UHS) is shut down after a ransomware attack by hackers. Fortune 5oo organization, UHS runs a network of more than 500 hospitals in the nation. Ryuk ransomware is said to be responsible for this attack. The attack took place earlier this week when the employees on Reddit and other platforms reported the issue. According to these discussions on Reddit, it was clear from the comments that many UHS locations took a hit and needed a manual process to re-start.
One user said they had a lot of paperwork as the computers were shut down. Another user said they had to send their patients away, but the lab operations were working fine. However, they didn't have any computer-based access to anything. Another user said that their UHS was shut down. The employees had to handwrite everything and were not allowed to use their computers.

UHS, in its official statement, said, "The I.T. Network across Universal Health Services (UHS) facilities is currently offline, as the company works through a security incident caused by malware. The cyberattack occurred early Sunday morning when the company shut down all networks across the U.S. enterprise. We have no indication that any patient or employee data has been accessed, copied, or misused. The company's U.K. operations have not been impacted." However, UHS has not cleared the type of cyberattack it experienced, but the employees say it is likely to be Ryuk ransomware. 

According to one UHS employee, all the encrypted files had a .ryk extension. Hacked computers also had a ransom note labeled as 'shadow of the universe,' which the Ryuk ransomware uses in its attacks. Employees on Reddit also expressed concern about the health of patients due to the shutdown of the computers. One even said (not verified) that four patients had died due to the delay in care. "We are making steady progress with recovery efforts. Specific applications have already started coming online again, with others projected to be restored on a rolling basis across the U.S.," the UHS statement reads.

Importance of Cybersecurity in the Healthcare Sector


Hackers and cybercriminals have targeted the healthcare sector for a long time. Among the healthcare industry, hospitals are generally the primary target for hackers, as they generate a lot of money. The hospitals hold very sensitive information of the patients, including credentials and personal data, and the hackers can take advantage of that. Due to the coronavirus pandemic, hospitals have received a large number of funds from the government and other agencies to deal with the issue, and the hackers are after the money.


The critical issue is that healthcare IT systems store patient credentials, including banking details, ID, and credit card details. Besides this, information such as patient's HIV details can be exposed, and cybercriminals can exploit for extortion. On the dark web, ID credentials can be sold for very profitable money, so the government and healthcare industry should take extra precautions to stay safe from cyber attacks. In the present pandemic crisis, blackmail has become one of the most common cyberattacks threats. Blackmail is different from ransomware; in the latter, the player holds company data as ransom by encrypting malware. Whereas, while blackmailing, the hacker threatens to expose critical data, unless his demands are met, which is mostly money.

In this scenario, the hospitals don't have any option but to compensate the cybercriminal as revealing patient information is not only dangerous but also against the doctor-patient confidentiality. In the starting phase of the COVID-19 outbreak, hackers across the world didn't target the healthcare industry. It created a false sense of security among the government and experts that the healthcare sector was safe from hackers and cyber attacks. It was all but long when the hackers finally decided to take a toll on cyberattacks on healthcare.

Therefore, the healthcare industry should step-up and create a robust cybersecurity infrastructure that ensures patients' privacy and security. General awareness of cybersecurity among citizens is also essential, especially sensitizing the hospital staff. Most important and the last one, healthcare institutes should team up with cybersecurity agencies that provide protection and security from cyber attacks and hackers.

Windows Devices in Hospitals Vulnerable to Potential Exploits


Windows Devices in Hospitals Vulnerable to Potential Exploits According to recent reports, hackers can exploit the vulnerabilities present in health devices, and it can prove dangerous to the health of the patients at the hospital. But, the problem could be avoided by following some simple steps. The health devices have a more likable chance to the Bluekeep exploit than any other devices connected in the hospitals. Health devices can be exploited up to 2 times, using the Bluekeep exploit. This puts both the patients and the hospital staff in danger as witnessing the current scenario, the health sector has recently been one of the primary targets of the hackers.


Therefore, the issue of cybersecurity among the health sector is one of the main concerns of the digital age. Bluekeep was first discovered in 2019, and it is a vulnerability in Microsoft RDP (Remote Desktop Protocol). The vulnerability affects Windows7, Windows8, Windows Server2008, and Windows Server2008 R2. When the news of Bluekeep vulnerability surfaced, Microsoft immediately released a security patch to resolve the issue. Various intelligence agencies, including the US NSA (National Security Advisory) and Britain's NCSC (National Cyber Security Centre), immediately informed Microsoft to fix all the security patches related to the vulnerability.

The matter of concern was that Bluekeep could be used as malware to do the same damage that EternalBlue had caused, the exploit that triggered Wannacry. In this incident, various high profile organizations were taken the victim, but the greatest attack happened on the National Health Service of UK, in which the entire networks of the hospitals were shut down. But despite various warnings, health devices that run on Windows are still vulnerable to a potential Bluekeep exploit.

According to researchers at CyberMDX, a healthcare cybersecurity company, a newly made report's data suggests that more than 20% of healthcare devices (that run on Windows) in hospitals are vulnerable to the blue keep exploit, as they have still not configured to the latest security patches. The healthcare devices include x-ray machines, anesthesia machines, ultrasound devices, and radiology equipment. If these devices are not fixed to the latest security patch, chances are that hackers could exploit them using the blue keep vulnerability. This can risk the lives of the patients and the healthcare staff.