Sudden Spike in Healthcare Cyberattacks May Be Nation-State Hackers

October 29, 2020

FBI, HHS & CISA: Nation-State Hackers Are Making an All-Out Push in Pharma & Healthcare Cyberattacks

A precipitous rise in healthcare cyberattacks, including attacks at public health agencies, hospitals, laboratories, and pharmaceutical companies, may be the work of nation-state hackers. The US Federal Bureau of Investigation (FBI), the US Department of Health and Human Services (HHS), and the Cybersecurity and Infrastructure Security Agency (CISA) released a strongly worded alert warning businesses in those sectors to beware of increased cybercriminal activity, especially ransomware.

Ransomware Points to Possible Russian Hackers

The primary area of concern noted in the alert is Ryuk ransomware. Commonly delivered as the payload of a phishing attack, Ryuk ransomware has also been used as an adjunct of TrickBot. Just last week, a coalition of US businesses, government agencies, and military personnel conducted operations to disable the TrickBot botnet, with Microsoft winning a court order to seize essential servers empowering the malware. That effort damaged but did not destroy the TrickBot gang’s operations.

All three agencies cooperated to investigate the spate of recent attacks on the health and pharma sector, and they quickly came to the conclusion that this wasn’t run-of-the-mill cybercrime. The pace and scope of the attacks, along with the software and techniques used, have pointed investigators in the direction of Russian and Eastern European threat actors executing a complex series of attacks with the goal of damaging US infrastructure and causing alarm.

This warning comes on the heels of a flood of news reports indicating that hospitals in the US and around the world are squarely in the crosshairs of cybercriminal gangs. In recent weeks, ransomware has wreaked havoc in medical systems of every size including hospitals that are already overburdened with care during COVID-19’s new wave. Today’s attacks, fueled by abundant Dark Web information and a hot market for COVID-19 related data, also test the security of critical infrastructure.

Overburdened Hospitals Face Care Disruptions

While the danger of healthcare cyberattacks has been a concern throughout the global pandemic, attacks against healthcare and pharma targets have skyrocketed in the last 4 weeks. At the end of September, a massive ransomware attack crippled healthcare titan Universal Health Services, impacting patient care and operations at more than 400 hospitals in the US and UK. In the subsequent weeks, more hospitals have fallen prey to cybercrime at a time when they can’t afford distractions.

The danger has continued to mount. A critically ill trauma patient in Germany died in transit after the first hospital that she was taken to was unable to treat her due to ransomware. Essential healthcare delivery, from cancer treatments to COVID-19 care, has been impacted by cyberattacks in public hospitals and private clinics like Piedmont Cancer Institute.

The danger isn’t just limited to hospitals – while they’re apparently the primary targets, everything in the healthcare sector from ambulance services like AAA Ambulance in Hattiesburg, MS to the Georgia Department of Human Services has been hit in this crime wave. Many hospitals haven’t just experienced business disruptions; they’ve also had patient data stolen, like Oaklawn Hospital in Michigan.

Big Pharma Targets Are in Hackers’ Sights

Hackers are also zeroing in on pharmaceutical companies as the race to develop a vaccine for COVID-19 becomes tighter. Three major pharmaceutical companies were hit with hacking attacks including ransomware this week.

  • Dr. Reddy’s in India (a major pharma company contracted to distribute Russia’s future Sputnik-V vaccine and a manufacturer of COVID-19 treatments remdesivir and favipiravir) was severely impacted by hacking that slowed production and research.
  • US pharmaceutical giant Pfizer experienced a huge data breach when logs, transcripts, and details of hundreds of patient helpline conversations about its drugs were discovered in an unsecured Google Cloud storage bucket. The exposure was initially thought to be a security mistake, but red flags in the investigation have raised hacking concerns.
  • Shionogi & Company Limited, a leading Japanese pharmaceutical company that is a major player in the race to find a COVID-19 vaccine, experienced a hacking intrusion at its Taiwanese subsidiary. The company stated that the incident was limited to exposing employee information and a “small amount of data”.

How to Protect Your Data & Systems

Ransomware usually arrives on a company’s doorstep through an employee’s inbox, in the form of a phishing email. More than 65% of cybercriminals use phishing as their primary form of attack, and a new phishing attack is launched every 39 seconds. Stopping employees from falling for the bait in a phishing attack is the key to protecting systems and data from ransomware.

BullPhish ID is the ideal tool for phishing resistance and security awareness training. A boost in cybersecurity awareness is not only essential for preventing ransomware, it’s a boost to a company’s whole cybersecurity posture. Studies show that companies that conduct regular phishing resistance and security awareness training can experience up to 70% fewer cybersecurity incidents.

Get More Value for Less Money

If getting the most for your money is high on your priority list, BullPhish ID checks that box right off too. Everything you need to run efficient, effective phishing simulation campaigns and training sessions in 8 languages is built right in. This dynamic solution features more than 80 plug-and-play phishing simulation campaign training kits and more than 30 easy-to-understand animated videos that explain phishing threats to personnel at any level of tech knowledge. Online testing helps you figure out who needs more help.

Security awareness training is most effective when it’s frequently refreshed, but you won’t have to worry about running out of training material or getting stuck using kits that are outdated, forcing you into buying add-ons. We add 4 new complete phishing simulation campaign kits to BullPhish ID every month and new video lessons too – including training around the latest COVID-19 threats. We’ll be adding content to address smishing and vishing threats in the near future as well.

Phishing resistance and security awareness training with BullPhish ID is the smart move to make to keep your business safe from a new wave of nation-state hacking threats. Contact us today and let’s get started on transforming your workforce from your biggest cybersecurity threat to your biggest cybersecurity asset fast.

