
FBI investigating cyber attack on US hospital group Medstar

US hospital group Medstar Health appears to be the latest target of ransomware as it suspends IT system to halt malware infection

The FBI is investigating a suspected ransomware attack on US hospital group Medstar Health after it reported a malware infection.

The healthcare group, which runs 10 hospitals in Washington DC and Maryland, said that its IT system had been “affected by a virus”.

To prevent the virus spreading throughout the organisation, Medstar said it had shut down “all system interfaces” and was working with IT and security partners to assess and address the situation.

The action reportedly meant that patients were unable to book appointments and staff members were locked out of their email accounts.

However, the group said all its clinical facilities remained open and functioning, that there was no evidence that information had been compromised, and that it was backing up systems and paper transactions where necessary.

The FBI said it was investigating whether the unknown hackers were demanding a ransom to restore systems, according to US reports.

In recent weeks, several US hospitals have reported being hit by ransomware, which is malware designed to encrypt key data files and then demand a ransom to release the data.


News of the Medstar malware infection comes just over five weeks after the Hollywood Presbyterian Medical Center paid $17,000 ransom in bitcoins to attackers to restore data encrypted by ransomware after holding out for 10 days.

However, the Methodist Hospital in Henderson, Kentucky, which was hit shortly after the Hollywood hospital, reported that it had used backups to regain control of its IT systems after five days without paying any ransom.

Poor security

Although hospitals are considered to be critical infrastructure, cyber security in the US hospital sector is generally regarded as poor, according to reports.

Given the spate of ransomware attacks on hospitals, the chances are high that the malware that hit Medstar Health is also ransomware, according to David Melamed, senior research engineer at security firm CloudLock.

“Such targets are particularly vulnerable because they cannot afford to be paralysed for a long time either because their data has been encrypted or because they shut down the system to avoid spreading the infection, and they prefer to pay the ransom,” he said.

Melamed said that keeping computers and browsers up to speed with security updates and maintaining a fresh backup of your data are recommended to minimise the risks of infection and impact of attacks.

Enforcement response

Jack Danahy, CTO and co-founder of security firm Barkly, said it will be interesting to see the outcome of law enforcement action in this attack.

“There has been little news on attribution of either the recent Kentucky Methodist Hospital or Hollywood Presbyterian Hospital attacks,” he said. “Hospitals that have remained unscathed to this point should be double-checking their protection, their backups, and their logs.”

Ransomware is one of the top international cyber threats, along with distributed denial of service (DDoS) attacks and bullet-proof hosting services, according to the UK National Crime Agency.

In 2013, the NCA’s National Cyber Crime Unit (NCCU) warned of a mass email-borne Cryptolocker ransomware campaign aimed at small and medium-sized enterprises (SMEs) and consumers.

Since then, ransomware has become ever more popular with cyber criminals, with its use increasing by 58% in the second quarter of 2015, according to a threat report by Intel Security.

Research has shown that relatively low-cost ransomware attacks typically net thousands of pounds a week for attackers.
