Jackson Health, other state hospitals on alert for possible ransomware attacks

Kirby Wilson
·4 min read

On Wednesday, federal officials warned of impending cyberattacks targeted at hospitals. Five healthcare facilities have already been hit across the U.S., experts said, and more could be coming.

Officials with the FBI, Department of Health and Human Services and the Cybersecurity and Infrastructure Security Agency (CISA), said across the country, hospitals should be on the lookout for ransomware attacks. In those attacks, nefarious actors gain access to a computer system and then encrypt the system’s data. Hackers then send messages to users saying they can have access to the data once again for a hefty fee.

Florida hospitals say they take the threat seriously.

“Florida’s hospitals are facing a significant and serious threat with the potential for damaging consequences and massive disruption to our healthcare system,” said Florida Hospital Association President and CEO Mary Mayhew — who resigned last month as the head of Florida’s Agency for Health Care Administration. “This is not the first attempt, nor will it be the last.”

It’s unclear whether the hackers have already targeted Florida. A spokeswoman for the FBI field office in Tampa said the bureau would not confirm which hospitals have been hit by the attacks.

Officials from BayCare Health System and Jackson Health System said they had not been affected by the attack.

Connie Barrera, the chief information security officer with Miami-Dade County’s Jackson Health System, complimented the federal response to the attacks. She said she participated in a call Thursday with representatives from the Cybersecurity and Infrastructure Security Agency, the FBI and the Food and Drug Administration. To Barrera, the call was an example of healthy communication between security professionals and federal officials.

Still, Barrera said some questions remain unanswered.

“Part of what everybody wants to know: how many people have been impacted? Who’s getting impacted? Is it geographically targeted? What medical systems are being targeted?” Barrera said. “Those very important key questions were not addressed.”

Tech worries as COVID surges

The threat comes at a critical time for hospitals across Florida. Administrators and medical professionals who have been working tirelessly for months during the coronavirus pandemic now must face another potential crisis.

COVID-19 hospitalizations across the state have also ticked up recently — although the change does not yet threaten to overwhelm state hospitals with COVID patients, as spikes in other states have in some places.

Barrera’s team, which must maintain secure information technology for one of the largest public hospital systems in the country, started hearing rumblings about an impending round of cyberattacks at the beginning of October, she said. For instance, her team noted the efforts of Microsoft earlier this month to disrupt one of the most notorious distributors of ransomware, Trickbot.

The Associated Press reported that a Russian-speaking cybercriminal organization was behind the latest round of attacks. The group reportedly tries to install Ryuk ransomware — a well-known and particularly insidious software — onto systems in order to extort victims. (Earlier this year, the Tampa Bay Times was hit with a ransomware attack involving this software.)

How hackers get in

Hackers launching a ransomware attack can enter a computer system a few different ways. Most common is via a phishing attack, in which a hacker tries to con someone into giving away his or her login information or click on a malicious link. This kind of attack is why cybersecurity professionals recommend against clicking on any attachments or links from an unknown email address.

The hacker then uses that login information to gain access to the entire computer network, from which the hacker can wreak havoc.

Barrera noted hospitals are particularly vulnerable to another form of hacking, in which an actor is able to gain control of a WiFi-enabled medical device, such as a heart monitor. Such devices are not typically as secure as a computer, but they are often connected to hospital wireless systems. Hackers can gain access to a network through that device, Barrera said. With many hospital staffers working from home, the threat of network infiltration from a WiFi-enabled device is all the greater.

Worst-case scenario, Barrera said, hackers are successful. They gain access to the Jackson computers, and are able to restrict staff access to the network. But even in that scenario, the hospital system is prepared, Barrera said. Doctors and nurses are trained to conduct patient business on paper, if necessary. And much of the hospital’s data is stored by a third-party vendor, mitigating the risk of an on-site hack, she said.

For now, Barrera said her team is left to do what it essentially always does: carefully monitor its systems for evidence of a hack.

“We never feel comfortable until we know it’s over,” Barrera said. “And even when it’s over, you’re thinking, ‘What’s the next copycat or evolution?’ ”