Pro-Russia Hackers Targeted More than 400 U.S. Hospitals in 2020

The Russian-affiliated hacker plot was discussed by the gang in an online chatroom but was disrupted by U.S. authorities.

(Photo: Shutter2U, Adobe Stock)

March 30, 2022 Robin Hattersley Jump to Comments

At the height of the pandemic, Russian-affiliated hackers were plotting to disable and hold hostage more than 400 U.S. hospitals.

The plan was discussed in 2020 in an online chatroom, but it was disrupted by the Department of Homeland Security and U.S. Cyber Command, reports the Wall Street Journal.

According to a Ukrainian researcher, the Russian cybercriminal gang known as Trickbot was the organization responsible for the ransomware plot. According to Wired, their objective was to force 428 hospitals that were busy responding to surging COVID-19 cases to quickly pay ransoms.

“Fuck clinics in the usa this week,” one Trickbot member said in the chatroom. “There’s gonna be a panic.”

The documents, which were seen by Wired, date from the summer and fall of 2020, and U.S. authorities disrupted the cybergang’s infrastructure. However, since then, Trickbot has grown its operations and strengthened its malware.

For several years now, U.S. federal authorities have been warning healthcare facilities of the threat of ransomware. In the fall of 2020, the U.S. Cybersecurity and Infrastructure Agency, FBI and Department of Health and Human Services said malicious cyber actors were targeting the healthcare sector with Trickbot malware, leading to ransomware attacks, data theft, and the disruption of critical healthcare services.

American hospitals hit by ransomware include Sonoma Valley Hospital in Sonoma, California, all 250 Universal Health Services facilities, the Champaign-Urbana Public Health District in Illinois, Enloe Medical Center in Chico, California, Hackensack Meridian Health in New Jersey, Sturdy Memorial Hospital in Attleboro, Massachusetts, UF Health Central Florida, and many others, although it’s unclear how many of those attacks were the work of Russian-affiliated hackers.

Trickbot is also believed to be responsible for 16 attacks on U.S. emergency responders last year, reports Beckers Hospital Review.

Globally, from 2020-2021 there was a 39% increase in ransomware attacks on healthcare facilities.

Ransomware even led to a fatality in Germany in September 2020. A female hospital patient died after she was diverted to another facility 20 miles away when ransomware shut down the university-affiliated hospital where she was being admitted.

The cyber threat from Russian-affiliated cybercriminals is ongoing. Just last week President Joe Biden urged U.S. businesses to take added precautions amid “evolving” intelligence that Russia could target American companies with cyberattacks as it continues its war on Ukraine.

If you appreciated this article and want to receive more valuable industry content like this, click here to sign up for our FREE digital newsletters!

About the Author

Robin Hattersley, Editor-in-Chief

Contact:

Robin has been covering the security and campus law enforcement industries since 1998 and is a specialist in school, university and hospital security, public safety and emergency management, as well as emerging technologies and systems integration. She joined CS in 2005 and has authored award-winning editorial on campus law enforcement and security funding, officer recruitment and retention, access control, IP video, network integration, event management, crime trends, the Clery Act, Title IX compliance, sexual assault, dating abuse, emergency communications, incident management software and more. Robin has been featured on national and local media outlets and was formerly associate editor for the trade publication Security Sales & Integration. She obtained her undergraduate degree in history from California State University, Long Beach.