2020 has witnessed an uptick in ransomware attacks targeting hospitals and healthcare facilities. See, for example, C5 Capital Founder André Pienaar’s account of a ransomware attack in the early days of COVID-19 in the U.K. Another high-profile incident occurred in late September when U.S. healthcare services company UHS was struck with Ryuk ransomware, resulting in a weeks-long disruption of its networks at multiple locations.
In late October, several U.S. federal agencies released a joint advisory via the Cybersecurity and Infrastructure Security Agency (CISA) highlighting the “imminent threat” from these ransomware operators and providing recommendations for detecting and mitigating such threats. Just since the advisory’s release, news has surfaced that healthcare systems in Oregon, New York, and Vermont have been affected by ransomware. Private sector reporting has attributed these campaigns to the Ryuk ransomware gang, sometimes known as UNC1878 or Wizard Spider, a criminal group that likely operates out of Russia.