COVID Feature: Cybercriminals Attack Vulnerable Hospitals

Hacking and criminal concept.A hacker in a secret hiding place is neon light.

Cyber criminals have figured out that with millions of American workers logging on remotely for telework during the global coronavirus pandemic, it’s easy to plant malicious software, including ransomware. That’s why it’s more important than ever to practice good cyber hygiene. (All it takes is one wrong person with access to cause mayhem and commit fraud or identity theft.)

Now, Microsoft is warning hospitals of sophisticated ransomware attacks targeting remote healthcare workers. The technology giant has identified dozens of hospitals with network gateways and virtual private networks that are vulnerable to attacks.

Human-operated ransomware attacks employ credential theft and lateral movement methods traditionally associated with targeted attacks like those from nation-state actors. A ransomware campaign called REvil (also known as Sodinokibi) actively exploits gateway and VPN vulnerabilities to gain a foothold in target organizations. Once attacks breach the network, they steal credentials, elevate their privileges and move laterally across networks to ensure persistence before installing malware, according to Microsoft. (This could have devastating effects on hospitals, health care providers and patients, especially in the midst of a pandemic.)

Microsoft has notified hospitals about the vulnerabilities, along with a strong recommendation to apply security updates. (This goes for anyone, not just hospitals. There are so many ways a fraudster can gain access to personal identifiable information.) The recommendations include:

Cybercriminals target organizations that are most vulnerable to disruption—”orgs that haven’t had time or resources to double-check their security hygiene like installing the latest patches, updating firewalls, and checking the health and privilege levels of users and endpoints,” the Microsoft team wrote. Such attacks can go undetected for months, making it harder to fix, they said. (A little protection today can go a long way toward preventing fraud and saving lives.)

Today’s Fraud of the Day comes from a Fierce Healthcare article, “Microsoft warns hospitals of sophisticated ransomware attacks targeting remote workforce,” published on April 1, 2020.

Microsoft is warning hospitals that sophisticated ransomware attacks are trying to exploit remote workers to gain access to their networks.

As healthcare organizations move their nonessential employees to work remotely during the COVID-19 pandemic, ransomware operators are trying to find vulnerabilities in network devices like gateway and virtual private network (VPN) appliances.

Previous articleNo Pot at the End of The Rainbow
Next articleAdult Supervision
Larry Benson
Larry Benson is currently the Director of Strategic Alliances for Revenue Discovery and Recovery at LexisNexis Risk Solutions. In this role, Benson is responsible for developing partnerships for the tax and revenue and child support enforcement verticals. He focuses on embedded companies that have a need for third-party analytics to enhance their current offerings.