A new study reports that a Russian-speaking hacking group is repeatedly targeting the U.S. healthcare industry with ransomware attacks. The group is known as “FIN12” and has been active for at least three years.
The hackers try to extort a ransom by shutting down systems, blocking access to medical records, and affecting other functions that increase the risk to patients. According to the report, the group checks the financial statements of prospective targets before cherry-picking them.
The report was published by cybersecurity firm Mandiant. Mandiant chief executive Kevin Mandia said they decided to bring out the story after responding to numerous attacks by the group.
“Over 20% of the ransomware attacks that we respond to as a company are FIN12,” Mandia said.
Over 70% of FIN12’s Targets are Based in the U.S.
The report states that FIN12 frequently targets hospitals and clinics, adding that nearly 20% of its victims belong to the healthcare industry. Furthermore, 70% of its healthcare victims are based in the United States.
Mandiant described the group as a “financially motivated threat actor,” stating that it has been behind high-profile attacks since at least October 2018.
The number of FIN12’s attacks outside North America has increased significantly. The report states that the first half of 2021 saw twice the number of attacks from 2019 and 2020 combined. The group has targeted organizations based in the following countries:
- South Korea
- United Arab Emirates
- United Kingdom
Mandiant believes this spike could be due either to FIN12 working with more diverse partners or to the increased attention it faces from the U.S. government.
New Study Says Ransomware Attacks Cause Increase in Mortality Rates
Mandia said that FIN12 is “absolutely” putting American lives at risk through its activities.
“The attacker does not know the damage they’re causing, what its impact will be, what the collateral damage will be,” Mandia added.
New research by the Ponemon Institute, based on a survey of over 500 healthcare organizations, paints a disturbing picture of the impact of ransomware attacks on the health of victims. Below are some of its key findings:
- 43% of the surveyed organizations reported being victims of ransomware attacks.
- 22% of these organizations said their patient mortality rate went up after the attack.
- 71% said their patients spent more time hospitalized after the attack.
- 61% said they are not confident they can mitigate the risks of ransomware attacks during the pandemic.
Ed Gaudet, CEO and founder of healthcare risk management company Censinet, said, “The data would suggest people are dying. There’s an increase in mortality rates based on ransomware attacks.”
Gaudet added that these attacks greatly affect doctors and nurses, as well as their ability to tend to patients.
“When a ransomware attack happens, all services are shut down in a hospital. The doctors, the nurses, they don’t have access to the records, and so they cannot deliver effective patient care,” he added.
U.S. Government Steps up Efforts to Address Ransomware Threat
In September, the Department of the Treasury announced a series of actions to counter this growing threat. In 2020, ransomware payments stood at over $400 million, with the U.S. government stating that this figure reflected only “a fraction of the economic harm caused by cyber-attacks.”
In the same month, the FBI put out a warning to the country’s food and agriculture sector about potential ransomware attacks.