A pro-Russian hacktivist group claimed credit. Federal authorities had issued an alert about the group this week.
Hospital websites across the country went down or experienced problems due to cyberattacks in recent days, with a Russian group boasting that it is responsible.
A pro-Russian hacktivist group called “KillNet” has claimed credit for the disruptions, and federal authorities issued a warning Monday that the group was targeting health systems. The group has attacked hospitals and other organizations in the U.S. and other countries that have supported Ukraine in its war with Russia.
Hospitals in Michigan, North Carolina, Delaware, and Iowa all reported issues with their websites. Typically, the organizations managed to restore the sites within hours and they said there was no impact on patient care.
KillNet specializes in distributed denial-of-service (DDOS) attacks, which involve sending thousands of connection requests to servers, subsequently slowing down or stopping vulnerable systems, federal officials say. The American Hospital Association also issued an alert about KillNet to its members.
University of Michigan Health experienced problems with its public websites Monday as a result of a cyberattack on a vendor, the Detroit Free Press reported.
“University of Michigan Health has been experiencing intermittent problems with its public websites as a result of a cyberattack on a third-party vendor we use to host some of our sites,” spokeswoman Mary Masson, a spokeswoman, told the Free-Press Monday. Within hours, Masson said the issues were intermittent.
ChristianaCare’s main website went down Tuesday night, but it was restored within hours, the organization said. The system said hospital and health systems remained fully operational and there was no impact to data security.
“On January 31, 2023, ChristianaCare experienced a distributed denial-of-service (DDoS) attack on its main public website, christianacare.org, consistent with other incidents reported this week impacting health care organizations around the world. A DDoS attack is a malicious attempt to disrupt the normal traffic of a website by overwhelming it with a flood of internet traffic."
“Our information technology team worked quickly to resolve the situation, and normal website service was restored within several hours,” the system said.
Atrium Health’s website experienced outages Monday, but the hospital systems and patient portal weren’t affected, The Charlotte Observer reported.
“There was a temporary disruption to our website,” Atrium Health said in a message on Twitter. “Our information technology teams have successfully resolved the situation. It's important to note the disruption affected only our public-facing website. Our hospital systems and patient portal remained fully functional.”
Duke Health experienced “intermittent issues” with its public website Monday, a spokesperson for the North Carolina-based health system confirmed to The News & Observer.
The University of Iowa Health Care said public websites went down Tuesday, but the system said Wednesday they were restored. These sites were down temporarily: UI Hospitals & Clinics, UI Stead Family Children’s Hospital, and the Carver College of Medicine.
The Health Sector Cybersecurity Coordination Center (HC3), a division within the U.S. Department of Health & Human Services, said KillNet has been active since January 2022 “and is actively targeting the health and public health sector.”
On Jan. 28, KillNet’s alleged attack lists for hospitals and healthcare organizations in several countries was disclosed, HC3 said.
The HC3 advisory to health systems said, “While KillNet’s DDoS attacks usually do not cause major damage, they can cause service outages lasting several hours or even days.”
The group tends to exaggerate its capabilities and HC3 said, “It is worth taking any claims KillNet makes about its attacks or operations with a grain of salt.”
Still, some hospitals endured unwanted headaches this week.
On a more encouraging note, federal authorities said they have disrupted a ransomware gang that has targeted hospitals and other critical infrastructure.
The U.S. Justice Department announced Thursday that the FBI managed to break into the networks of Hive, a ransomware group that has threatened health systems, financial companies, and schools around the world. Authorities managed to prevent victims from having to pay $130 million in ransom demands, the justice department said.
Hundreds of breaches of private health data were reported last year, affecting millions of Americans.