The FBI and other US agencies have warned that North Korean government-backed hackers have targeted multiple health organisations with ransomware in the past 12 months, with some cases disrupting health services for “prolonged periods”.
The FBI, Department of Treasury and US Cybersecurity and Infrastructure Security Agency (CISA) have issued an advisory urging health care organisations to bolster their cyber security after North Korean hackers used ransomware to encrypt computer systems hosting electronic health records and diagnostics and imaging services. The US agencies did not name the organisations victimised by the alleged North Korean hackers.
CNN reports that "strained for resources" health care facilities in the US have had to deal with disruptive ransomware attacks throughout the pandemic. An IT administrator managing a 100-bed hospital in Florida told CNN how he had to "shut down the facility's computer systems in January to prevent a ransomware attack from spreading throughout the hospital".
A wave of ransomware attacks from Russian-linked cyber criminals hit US hospitals in 2020, including an alleged ransomware incident in October 2020 that forced the University of Vermont to delay chemotherapy appointments.
In June, FBI Director Christopher Wray blamed Iranian government-backed hackers for a "despicable" cyber attack on Boston Children's Hospital last year, an allegation that Tehran denied. Iranian hackers were the subject of another US advisory on ransomware in the health sector last November, even though no ransomware was deployed in that case.
State-sponsored hackers from countries like North Korea and Iran are willing to deploy ransomware against the health sector, according to CNN – a tactic more often associated with non-state cyber criminals.
According to Silas Cutler, principal reverse engineer at cyber security firm Stairwell and a cyber security specialist who analysed the ransomware and contributed to the federal advisory, the malicious code is "manually" operated, meaning the attackers can choose which computer files to encrypt.
"A key open question for us has been: how does the attacker deliver ransom notes to impacted parties?" Cutler said.
"The federal advisory will hopefully flush out more information from victims and give cyber security experts a clearer picture of the hackers' operations."
The US government accused Pyongyang of developing the so-called WannaCry ransomware in 2017, which spread to more than 200,000 machines in 150 countries. The incident cost Britain's National Health Service alone more than $100 million.
Among its peers, North Korea is unique in its deep, active involvement in cyber crime, according to John Hultquist, vice president of intelligence analysis at cyber security firm Mandiant.
"Unlike other countries who may contract and bargain with domestic criminals, the North Korean state carries out cyber crime directly, against targets all over the globe."