The University of Vermont Health Network and Brooklyn’s Wyckoff Heights Medical Centre have become the latest targets in a spate of attacks on the US healthcare sector, employing the infamous Ryuk ransomware.

In a recent emergency meeting with major stakeholders from the healthcare sector, the US government warned of an imminent and rising cybercrime threat aimed against healthcare facilities, service providers and hospitals across the nation. The same day, The Cybersecurity and Infrastructure Security Agency (CISA) released a statement advising organisations operating in the healthcare industry that they were being actively selected as targets for a stream of attacks using Ryuk ransomware.

In a report issued by security professionals at Check Point Software Technologies, statistics show a 71% rise in attacks using ransomware attacks on the healthcare industry in October. The slew of recent Ryuk ransomware assaults has already chalked up multiple victims including New York’s St. Lawrence Health System, Oregon’s Sky Lakes Medical Centre along with 200 dedicated healthcare facilities across the country belonging to Universal Health Services.

Wyckoff Hospital, Brooklyn, and the University of Vermont Health Network attacked

A teaching hospital in New York, Wyckoff Heights, was struck by a Ryuk ransomware assault. In an attempt to stop the infections spreading across its systems, the healthcare facility shut down parts of its network, but by this point many devices had already been encrypted locking personnel out. The extent of the attack is as yet unknown, along with how it has impacted the treatment of patients, or where admissions are being redirected to for care.

Vermont’s network of hospitals was also the victim of an attack where operators deployed the Ryuk crypto malware.

A statement from the healthcare operator read:

“The attack has caused variable impacts at each of our affiliates. Staff are continuing to follow well-practiced standby procedures to ensure safe patient care. We understand the difficulty this causes for our patients and the community and apologise for the impact. There have been some changes to patient appointments, and we are attempting to reach those patients who have been affected. We will continue to provide systems and patient service updates when they are available.”

Ransomware operators targeting healthcare services

Service providers and medical facilities operating in the healthcare industry make prime targets for ransomware groups. Operators employing ransomware tactics use the threat of disrupted services and exposure of personal information to force their victims into acquiescing to demands. With lives on the line when services are inaccessible and extremely sensitive data potentially disclosed publicly when attacks take place, such threats have severe implications and a serious impact on healthcare organisations and networks. Ransomware operators play on this dire need of facilities and services to return to operational status to push their advantage and successfully extort funds from victims.

Cybersecurity experts at US firm Mandiant have uncovered that UNC1878, a hacker outfit operating out of Eastern Europe, is responsible the spree of raids with an intent to attack US hospitals in their hundreds.