Europe’s largest private hospital network, Fresenius, has been hit by a severe ransomware attack, after reportedly opting to pay during a previous attack.
The ransomware attack has limited operational activity at the hospital network, which employs around 300,000 people across over 100 countries, although patient care is not thought to be impacted.
According to Krebs on Security, Fresenius previously opted to pay $1.5m in another ransomware incident, leading some experts to suggest that hackers see the organisation as an easy target that will pay out.
“This outrageous incident is a colourful validation of the FBI’s warning not to pay ransom. Reportedly, Fresenius has already paid a 7-digit ransom in the past to recover from a similar attack,” said Ilia Kolochenko, founder and CEO of web security company ImmuniWeb.
“Obviously, such a generous payment did not leave unscrupulous cybercriminals indifferent. Instead they quickly exploited the windfall and perfidiously re-raided this susceptible victim amid the crisis.”
Hospital network hit as hackers target healthcare with ransomware amid Covid-19
The outbreak of the Covid-19 coronavirus has seen healthcare become a major theme cyberattacks in 2020, both in terms of the framing of attacks and the targets.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below formBy GlobalData
Many cybercriminals have used the coronavirus as a way to lure victims into clicking on links in phishing emails, while others have seen healthcare institutions such as the Fresenius hospital network as valuable targets for ransomware and other attacks.
“There has been an enormous spike in cyberattacks since the beginning of the coronavirus epidemic. And the healthcare industry, already stretched and now even more overwhelmed and distracted, is a prime target,” said Jamie Akhtar, CEO and founder of CyberSmart.
“The World Health Organisation has reported a five-fold increase in attacks over the last two months.”
“Being mindful of Covid-19 social challenges, some cyber gangs decisively called to abstain from any attacks against medical and healthcare organisations, but unsurprisingly not everyone follows this Robin Hood code of ethics,” added Klochenko.
It is not clear how severely impacted Fresenius is by the attack, but as a major provider of dialysis products, an attack of this nature is naturally very serious.
For healthcare organisations, then, it serves of a stark reminder of how important cybersecurity is, even at a time when attention is rightfully focused on the pandemic.
“It’s unfortunate that even during times of pandemic, criminals are attacking and crippling systems belonging to hospitals and other medical facilities,” said Javvad Malik, security awareness advocate at KnowBe4.
“The attack serves as a reminder that criminals are not slowing down their attacks despite being in the midst of a global pandemic. In many cases, some are ramping up their activities. Therefore, it’s important for organisations to not slow down in their cybersecurity efforts.
“This includes a layered approach to make it difficult for attackers to target systems, providing security awareness and training to employees to identify phishing emails, and having robust threat detection and response capabilities.”