Why North Korea Ransomware Attacks Target US Healthcare Workers
The US Department of Justice (DOJ) announced this week that around $500,000 in Bitcoin
The attacks caused widespread disruption to IT systems and medical services and put patient safety at risk. The new ransomware variant was discovered during an investigation into a ransomware attack on a Kansas hospital in May 2021. The Kansas provider had notified the FBI when the ransomware occurred. As a result, the FBI was able to observe a $120,000 bitcoin payment to one of the seized accounts that was paid separately by the Colorado health care provider.
The attack was traced to a North Korean hacker group suspected of receiving support from the DPRK. The Kansas hospital had its servers encrypted, preventing access to important IT systems for more than a week. The hospital paid a $100,000 ransom for the keys to decrypt files and regain access to its servers immediately.
“Thanks to the prompt reporting and cooperation of a victim, FBI and Justice Department prosecutors disrupted the activities of a North Korean state-sponsored ransom distribution group known as ‘Maui,'” Deputy Attorney General Lisa O. Monaco said today at the International. Conference on cyber security. Treasury, the FBI and the Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert on July 6 regarding Maui and the targeting of healthcare workers.
While ransomware is a new phenomenon, healthcare organizations are most vulnerable
The number of ransomware attacks on healthcare organizations increased by 94% from 2021 to 2022, according to a report by cybersecurity firm Sophos. More than two-thirds of US healthcare organizations said they had experienced a ransomware attack in 2021, the study said, up from 34% in 2020.
In October 2020, the FBI, CISA and the US Department of Health and Human Services had issued a joint alert saying there was “…credible information about an increased and imminent threat of cybercrime against US hospitals and healthcare workers. CISA, FBI and HHS share this information to alert healthcare professionals to ensure they take timely and reasonable precautions to protect their networks from these threats.”
In part of CISA’s website, the organization explains parts of the problem. “Health information technology provides critical life-saving functions and consists of connected, networked systems that utilize wireless technologies, which in turn make such systems more vulnerable to cyber-attacks,” CISA states about the vulnerabilities of the healthcare and public sector.
Targeting healthcare professionals is also motivated to reveal sensitive patient information and lead to significant financial costs to regain control of hospital systems and patient data. According to Experian, health records are extremely lucrative with records costing $1,000 per record, which is significantly higher than credit card reports that cost $5 to $10 a piece on the black market.
The combination of high dollar rewards for the breach of a US hospital’s data records along with the temporary shutdown of the technical services until a Bitcoin ransom is paid is a direct attack on US citizens while they are in need of healthcare. The cost of this to our society is alarming and requires innovation as well as public sector investment to kick-start ways to address this ongoing problem.