FBI Issues ‘Conti’ Ransomware Alert as High-impact Global Attacks Persist against Health Care and Critical Infrastructure

May 21, 2021

AHA, U.S. law enforcement warn of regular, regionally disruptive threats that could impact the delivery of patient care

The Federal Bureau of Investigation May 20 issued an alert regarding “Conti,” a highly disruptive ransomware variant. Attacks associated with Conti and the previously published Darkside ransomware variant are believed to be emanating from criminal networks operating from a non-cooperative foreign jurisdiction.

The FBI says it identified at least 16 Conti ransomware attacks targeting U.S. health care and first responder networks, including law enforcement agencies, emergency medical services, 911 dispatch centers and municipalities within the last year.

Ransomware attacks associated with these variants have resulted in regionally disruptive impacts to critical infrastructure, including hospitals and health systems in the United States and Ireland. Most recently, hospitals in New Zealand have been hit by disruptive ransomware attacks.

These ransomware attacks have delayed or disrupted the delivery of patient care and pose significant potential risks to patient safety and the communities that rely on hospitals’ availability.


The AHA remains concerned about cyberattacks with the potential to disrupt patient care and jeopardize patient safety. As stated in our testimony before the Senate Homeland Security Committee in December 2020, AHA believes that a ransomware attack on a hospital or health system crosses the line from an economic crime to a threat-to-life crime.

The AHA acknowledges and commends the U.S. government’s efforts to share timely and actionable cyber-threat intelligence. However, relying on victimized organizations to individually defend themselves against these attacks is not the solution to this national strategic threat. The vast majority of these attacks originate from outside the United States, often beyond the reach of U.S. law enforcement, where ransomware gangs are provided safe harbor and allowed to operate with impunity, sometimes with the active assistance of adversarial nations.

In response, the AHA has urged the government to embark upon a coordinated campaign that will use all diplomatic, financial, law enforcement, intelligence and military cyber capabilities to disrupt these criminal organizations and seize their illegal proceeds, as was done so effectively during the global fight against terrorism.


Please review and share with your leadership and cyber security teams the following compilation of the latest federal government ransomware bulletins. Along with AHA and partner resources, the compilation below contains details on ransomware technical signatures and best practices for preventing and responding to ransomware attacks. These include the need for highly secure, network-segmented network and data backups; the use of multi-factor authentication for all remote access to networks and for privilege escalation; and the importance of a current, frequently tested, cross-functional cyber incident response plan.


For more information on these or other related issues, contact John Riggi, AHA’s senior advisor for cybersecurity and risk advisory services, at jriggi@aha.org.
