Hackers ‘without conscience’ demand ransom from health providers

EDINBURGH • When hackers broke into computers at Hammersmith Medicines Research Ltd, a London-based company that carries out clinical trials for new medicines, it was a nightmare scenario for MD Malcolm Boyce.

The coronavirus crisis was just beginning to take hold in the UK, and the company was in talks with other firms about potentially testing a vaccine. The hackers used encryption to lockdown thousands of the company’s patient records and promised to publish them online if a ransom wasn’t paid.

Instead, Boyce called the police and his company’s IT staff worked around the clock to try to mitigate the damage.

“We’ve beefed up our defences since the attack with all sorts of software,” said Boyce, adding that his company is now operating normally after a temporary setback. “My message to other companies is to do everything possible to safeguard yourself because they are quite capable of putting companies out of business, and they are totally without conscience.”

At a time when they are struggling to handle an influx of patients suffering from Covid-19, healthcare providers and medical facilities in the US and Europe have seen a surge of ransomware attacks, as criminal groups seek to exploit the crisis to hit the sector when it’s at its most desperate, according to several cybersecurity experts.

“We have now seen a number of instances where clinical labs involved in testing, or major hospitals, have suffered ransomware attacks, where all their IT systems have been knocked down,” said André Pienaar, founder of C5 Capital Ltd, a venture capital firm. C5 has created an alliance of cybersecurity companies that is providing free assistance to hospitals and clinics in the UK and Europe.

Several of the attacks, Pienaar said, took place in the UK and elsewhere in Europe and were linked to an organised crime syndicate that uses a strain of ransomware known as “Maze”.

The European Union (EU) Agency for Law Enforcement Cooperation, the EU’s law enforcement agency, has received reports of intensifying cyber-attacks in almost all of its 27 member countries, according to spokesman Jan Op Gen Oorth.

In the US, Bill Siegel, CEO of Coveware Inc, which helps companies affected by ransomware attacks, said he has worked with about a half dozen healthcare providers that have been hit with ransomware during the Covid-19 crisis.

The organisations that were hacked varied in size, he said, and included a hospital, medical laboratories, a small paediatrician’s office and an urban care centre. He declined to name them, citing confidentiality agreements.

An attack on a healthcare provider locks down computers that typically contain electronic medical records, Siegel said, meaning that doctors and nurses can’t access information about their patients’ medical histories, the dosages of drugs that patients require and other critical information.

The ramifications of such an attack, especially during the outbreak, could be devastating, Siegel said. In the case of the hospital he is working with, “casualties that would not otherwise occur are a likely outcome because of the ransomware attack”, he said.

Ransomware is a type of malware that encrypts files on a victim’s computers, rendering the data they contain inaccessible until a ransom is paid for a decryption key. The ransom amounts vary, though Pienaar said he has seen “enormous inflation” in ransom demands in the last two months.

In many instances, he said, ransoms are being paid because the health organisations are under time constraints and pressure, exactly what the hackers are counting on.

The ransomware attacks come amid an increase in other cyber-attacks related to the pandemic. — Bloomberg