U.S. Hospitals Warned Of Increasing Ransomware Attacks
STEVE INSKEEP, HOST:
The FBI and other federal agencies warned last night that cybercriminals from Russia have been attacking U.S. hospitals. The hackers have deployed malware meant to shut down medical facilities in order to demand millions of dollars in ransom payments. The private security firm Mandiant was among the companies that helped to identify these attacks and is now working with federal agencies. And Charles Carmakal joins us next. He is senior vice president and chief technology officer at Mandiant. Good morning.
CHARLES CARMAKAL: Good morning. Thanks for having me.
INSKEEP: It's kind of common, I'm sad to say, to have ransomware attacks. What makes this one so significant?
CARMAKAL: Yeah, so you're right. Ransomware is very common today, and we see it across a lot of different organizations and a lot of different sectors. But seeing ransomware deployed at hospital organizations that's deliberate by a threat actor is actually pretty new and different.
What we find is actually most threat actors aren't willing to deploy ransomware and cause disruption to hospitals, especially right now during the pandemic, because they're worried about impacting lives. But what's unique about this is we see a threat actor that is deliberately targeting health care organizations, specifically hospitals, and has no real fear of potential human impact and is just looking to make money.
INSKEEP: Let's talk about the potential human impact. As far as you can tell, could this kind of attack just cause confusion or could it actually kill people?
CARMAKAL: It could potentially do both. And look, we're really concerned about the confusion angle. You think about a ransomware attack and what actually happens to a hospital, you know, as the hospital learns that systems are being encrypted, they tend to take systems offline. And they have to refer - revert back to the paper-based means to treat patients.
And so what you sometimes find is that hospitals will end up diverting patients to other hospitals which may be minutes away, may be hours away. So it really just depends. And so no matter what, you're going to deal with situations where the ability for the health care practitioners to give care to patients, it's going to get delayed, which could certainly impact people's lives.
INSKEEP: Did some attacks succeed?
CARMAKAL: Unfortunately, yes. Many did succeed over the past several days and the past few weeks. And what we're afraid of is that it may happen to other organizations in the future.
INSKEEP: Has anybody been paying ransom money?
CARMAKAL: Unfortunately, yes. There are a number of organizations that do pay. It's a pretty big problem because so many organizations feel so compelled to pay these threat actors. I'll tell you, look, many of these organizations that pay, it's not because they're necessarily doing anything wrong from a security perspective. Sometimes, they have great backups in place. Sometimes, they have the ability to recover. But sometimes, they feel so compelled to pay the threat actors because they've created so much confusion, created so much disruption, and sometimes they've even stolen personal information that these victim organizations feel compelled to pay them because they don't want that personal information of their patients or their customers to be exposed to the world.
INSKEEP: Let me ask about one other aspect of this. We said hackers from Russia. Whenever we hear that phrase right here at election time, of course, we think about Russia's ongoing efforts to interfere with the U.S. election. But in this case, it appears to be an effort to get money. Is there some connection between Russian election interference and this kind of interference?
CARMAKAL: Yeah. So what I'll say about this particular threat actor, you know, we believe that they're based in Eastern Europe. We believe that they're organized. They're a criminal operation, and they're financially motivated. And it's very clear to us today that they are interested in making money. And so that appears to be their primary driver.
INSKEEP: Wow, but willing to go after hospitals to do that. Mr. Carmakal, thank you very much.
CARMAKAL: No problem. Thank you.
INSKEEP: Charles Carmakal is senior vice president and chief technology officer at Mandiant.
NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.