Early on the morning of Sunday, September 27, 2020, end users at a United Health Services (UHS) hospital were greeted with locked phones and computer screens hijacked by ransomware. The giant hospital system has reverted to paper forms, with no electronic access to online patient data, including lab results and historical information. Healthcare workers at the hospitals were told that it would take days to get the systems back online. UHS serves millions of patients through 400 facilities in the U.S. and the U.K.
Authorities have not yet identified the source of the UHS attack; however, emerging patterns suggest Ryuk ransomware, which encrypts the targeted system’s data and demands a ransom to have the data restored. Ryuk ransom demands have ranged from around $100K to $500K.
The Ryuk ransomware is not new; it first surfaced in 2018. Since then, it has been unleashed mainly on large organizations, a practice known as “big game hunting”. Ryuk can infect targeted systems in various ways, including through phishing emails or vulnerabilities in third-party components or services, such as Remote Desktop Protocol (RDP).
At this time, there is no indication that there has been any compromise to patient safety at the hospital system, but there could very well be an impact as the crisis unfolds. This is a grim reminder of the very recent Dusseldorf University Hospital incident, which we summarized in our report “Ransomware Attack Leads to Fatality”, where ransomware forced patient redirection from the impacted facility, which resulted in a fatality due to a delay in care.
While healthcare organizations are focusing on the global pandemic, they continue to be prime targets for hackers and bad actors. According to various studies, third-party software component vulnerabilities play a big role in enabling these breaches and are nearly invisible to healthcare providers, since they don’t know which components are running in which of their deployed devices.
Healthcare industry stakeholders generally agree that requiring a Software Bill of Materials (SBOM), which is a monitored list of software components utilized in a medical device, will help mitigate these security issues with third-party components. Agreement among stakeholders, however, does not necessarily translate into immediate adoption. Some of this delayed adoption is due to costs associated with generating, maintaining and sharing SBOMs and the lack of tools to help automate the process. We’re hoping to change that at Vigilant Ops, by offering our InSight Platform to enable medical device manufacturers to automatically generate, maintain and share SBOMs with their healthcare customers.