Skip to Content

A wave of ransomware hits US hospitals as coronavirus spikes

An unprecedented and opportunistic attack raises a disturbing question: Will it cost a life?
Hospitals around the US have reported a wave of ransomware attacks.
Hospitals around the US have reported a wave of ransomware attacks.Photo by Adhy Savala on Unsplash

American hospitals are being targeted in a wave of ransomware attacks as covid-19 infections in the US break records and push the country’s health infrastructure to the limit. As reports emerge of attacks that interrupted health care in at least six US hospitals, experts and government officials say they expect the impact to worsen—and warn that the attacks could potentially threaten patients’ lives.

“I think we’re at the beginning of this story,” said Mike Murray, CEO at the health-care security firm Scope Security. “These guys are moving very fast and very aggressively. These folks seem to be trying to collect as much money as possible very quickly. I think it will be tomorrow or over the weekend before the real scale of this is understood. Compromises are still ongoing.”

The Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the Department of Health and Human Services published a dramatic warning on the night of Wednesday, October 28, about “imminent” ransomware threats to American hospitals. The agencies held a conference call with health-care security executives earlier that day to emphasize the need to prioritize this threat. Ransomware is a type of hack in which an attacker uses malware to hijack a victim’s system and demands payment before handing back control.

Hospitals including St. Lawrence Health System in New York, Sonoma Valley Hospital in California, and Sky Lakes Medical Center in Oregon have all said they’ve been hit by ransomware. A doctor told Reuters that one hospital had to function entirely on paper after its computers were taken offline.

Ransomware has grown into a multibillion-dollar international industry over the last decade and the pandemic has only increased profits. Is there any way to stop the threat?

One answer could be for the US government to carry out more offensive hacking operations against ransomware gangs, similar to one US Cyber Command conducted earlier this month. But today’s attacks prove that definitively disrupting the activity of these criminals is easier said than done.

The infamous ransomware gang behind these new attacks is known primarily as UNC1878 or Wizard Spider. The group, believed to be operating out of Eastern Europe, has been tracked for at least two years across hundreds of targets. 

“They’re incredibly prolific,” said Allan Liska, an intelligence analyst at the cybersecurity firm Recorded Future. “Their infrastructure is very good. You can see that because even with the takedowns Microsoft and Cyber Command have tried, they’re still able to operate. Honestly, they’re better funded and more skilled than many nation-state actors.”

The hacking tools UNC1878 uses include the notorious TrickBot trojan to gain access to victims’ systems, and the Ryuk ransomware to extort victims. Several of the tools in the group’s arsenal spare targeted machines if the systems are operating in Russian or, sometimes, other languages used in post-Soviet nations. 

The number of ransomware attacks against American hospitals has risen 71% from September to October 2020, according to the cybersecurity firm Check Point. The rest of the world has seen smaller but significant spikes in activity. Ryuk is responsible for 75% of ransomware attacks against American health-care organizations.

A patient died in September when ransomware hit a German hospital, but that attack appears to have targeted a hospital by mistake. By stark contrast, this week’s attacks are intentional.

Deep Dive


Start with data to build a better supply chain

Successful digital transformation starts with the right team, an agile mentality, and a strong data foundation, says global digital solutions manager of procurement and supply chain at bp, Raimundo Martinez.

Chiplets: 10 Breakthrough Technologies 2024

Chipmakers are betting that smaller, more specialized chips can extend the life of Moore’s Law.

Quantum computing is taking on its biggest challenge: noise

For a while researchers thought they’d have to make do with noisy, error-prone systems, at least in the near term. That’s starting to change.

Apple Vision Pro: 10 Breakthrough Technologies 2024

Micro-OLED technology has been in development for more than a decade, but the Vision Pro will be the highest-profile demonstration of its abilities to date.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.