
The US Department of Justice (DOJ) announced this week that approximately $500,000 in Bitcoin was seized from North Korean threat actors who were using Maui ransomware to attack healthcare organizations in the United States. The DOJ filed a lawsuit in the District of Kansas asking that the seized bitcoin be returned to the victims of the attacks, who were healthcare providers in Kansas and Colorado.

The attacks caused major disruptions to IT systems and medical services and endangered patient safety. The new ransomware variant was discovered during the investigation of a ransomware attack on a Kansas hospital in May 2021. The Kansas vendor had alerted the FBI when the ransomware attack occurred. As a result, the FBI was able to observe a $120,000 bitcoin payment to one of the seized accounts, made separately by the Colorado healthcare provider.

The attack was attributed to a North Korean hacking group suspected of receiving support from the DPRK. The Kansas hospital had its servers encrypted, preventing access to critical computer systems for more than a week. The hospital paid a $100,000 ransom for the keys to decrypt the files and regain access to its servers quickly.

“Through a victim’s prompt reporting and cooperation, FBI and Justice Department prosecutors disrupted the activities of a North Korean state-sponsored group deploying ransomware known as ‘Maui,’” Deputy Attorney General Lisa O. Monaco told the International Cybersecurity Conference today. The Treasury, FBI, and Cybersecurity and Infrastructure Security Agency (CISA) issued a joint alert on July 6 regarding Maui and the targeting of health care providers.

While ransomware is a new phenomenon, healthcare organizations are the most vulnerable

The number of ransomware attacks against healthcare institutions increased by 94% between 2021 and 2022, according to a report by cybersecurity firm Sophos. More than two-thirds of healthcare organizations in the United States reported experiencing a ransomware attack in 2021, according to the study, up from 34% in 2020.

In October 2020, the FBI, CISA and the US Department of Health and Human Services issued a joint alert stating that there is “…credible information of an increased and imminent cybercrime threat to hospitals and American healthcare providers. CISA, the FBI, and HHS share this information to alert healthcare providers to ensure they are taking timely and reasonable precautions to protect their networks from these threats.”

In a section of its website, CISA explains part of the problem. “Health information technology provides essential life-saving functions and consists of connected and networked systems that leverage wireless technologies, making these systems more vulnerable to cyberattacks,” CISA says of vulnerabilities in the healthcare and public health sector.

Attackers also target healthcare providers because doing so lets them expose sensitive patient information and impose substantial financial costs on organizations trying to regain control of hospital systems and patient data. According to Experian, healthcare data is hugely lucrative, with records costing $1,000 per record, which is significantly higher than credit card reports that cost $5-10 each on the black market.

The combination of high rewards for breaching US hospital data records and the temporary shutdown of technical services until a Bitcoin ransom is paid amounts to an outright attack on US citizens when they need health services. The cost of this to our society is alarming and requires innovation as well as public sector investment to pioneer ways to address this persistent problem.