Microsoft Warns Hospitals Vulnerable To Ransomware Attacks

By Ben Kochman

Law360 (April 1, 2020, 8:27 PM EDT) Microsoft Corp. said Wednesday that it had warned dozens of hospitals that it believes are particularly vulnerable to being held hostage by ransomware attackers during the COVID-19 crisis.

In a blog post, the tech giant said it had alerted "several dozens" of hospitals with vulnerabilities in their infrastructure, including in the virtual private networks, or VPNs, that remote workers are increasingly using to connect to shared networks amid the coronavirus outbreak.

"To help these hospitals, many already inundated with patients, we sent out a first-of-its-kind targeted notification with important information about the vulnerabilities, how attackers can take advantage of them, and a strong recommendation to apply security updates that will protect them from exploits of these particular vulnerabilities and others," Microsoft's Threat Protection Intelligence Team said in the blog post.

The company said it had seen evidence that the health care industry is "particularly exposed" to ransomware and other forms of cyberattacks during the virus response, as attackers exploit understandable fears for their own ends.

"We haven't seen technical innovations in these new attacks, only social engineering tactics tailored to prey on people's fears and urgent need for information," Microsoft wrote in the blog post.

The company's threat monitoring team said it has seen a rise in sophisticated "human-level" ransomware attacks, which are more complex and hands-on than "run-of-the-mill" ransomware campaigns that in the past have spread with little to no effort on the part of the attackers.

"Adversaries behind these attacks exhibit extensive knowledge of systems administration and common network security misconfigurations, which are often lower on the list of 'fix now' priorities," the company wrote.

The "human-level" ransomware attackers also can linger on a victim's network for months undetected, making it hard for victims to figure out how exactly their network was breached and to what extent their systems are compromised, Microsoft said.

Ransomware attacks, which security experts say have grown exponentially in recent years, typically shut down their victims' computer systems, with attackers asking to be paid in digital currency in order to restore access. Some ransomware attackers have ratcheted up their efforts in recent months by taking the extra step of exfiltrating sensitive data, including from law firms, before threatening to post it on a public website.

As more and more companies move to remote work amid the virus outbreak, the U.S. Cybersecurity and Infrastructure Security Agency has suggested several steps organizations can take to mitigate their security risks, including mandating that workers use company-owned computers and frequently patching their virtual private networks with the latest security fixes.

--Editing by Bruce Goldman.
