RALEIGH, N.C. (WTVD) -- Federal officials across multiple agencies continue to warn of an "increased and imminent" cyber threat against hospitals and health care systems across the country.
The 22-page alert, first issued in the fall, now has an added urgency after a major ransomware attack shut down a key fuel pipeline that transports about 45% of all fuel consumed on the East Coast.
"Every organization is facing these kinds of attacks every day. You just know it," Peter Marks, Chief Information Officer at WakeMed, explains to ABC11. "It's incredibly serious."
WakeMed, of course, is one of three major hospital systems in North Carolina's Research Triangle that encompass a growing number of clinics and campuses. WakeMed, itself, spans 80 locations with some 10,000 employees.
"It's one of the main pillars of our business - to make sure we protect our patients and families," Marks said. "We have a trust relationship with them, and we do that by protecting their data."
That data could include everything from patients' medical histories and personal identification to billing information. Potentially more valuable, however, is a hospital network that powers MRI machines, nurse stations and emergency departments.
On May 1st, a cyberattack shut down operations at a hospital in San Diego, underscoring the public safety threat that could ensue if a cyberattack proves successful.
"The biggest risk is to your reputation," Ted Lotchin, Chief Compliance Officer at WakeMed, tells ABC11. "We are WakeMed, we've been here for 60 years and our mission is to provide outstanding and compassionate healthcare to anyone who walks in through our doors. If folks don't have faith and trust in protecting your information, it's hard to get over that. The privacy side and the security side are really about as intertwined as you can imagine."
FBI reports put North Carolina in top 10 among all states for reported cybercrime losses
The FBI reported more than 77,000 North Carolinians were victims of cybercrimes in 2018, leading to financial losses of more than $137 million.
The North Carolina Department of Information, and its Chief Risk Officer, Maria S. Thompson, reviewed some 2,000 cyber incident reports. These range from attacks against local governments to more widely known breaches, including Marriott, Macy's and Yahoo. Generally speaking, those figures represent a 175% average increase since 2017.
Nationally, more than 170 county, city and state governments have been hit by cyberattacks since 2013.
Thompson's team, which is composed of several military veterans, is an integral part of the state's Cybersecurity Response Force (CSRF) that facilitates partnerships with state, local, federal IT and even National Guard members.
"It's a very decentralized model in the way these criminals operate," Thompson says. "So you may have someone that actually builds the code, someone that sells it. It is a true business model they're leveraging. I see the merging of the minds coming together figuring out how to attack us."
As to who is facilitating the attacks, Thompson cites evidence pointing to a combination of international gangs and foreign governments themselves.
"During the onset of COVID what we saw was entities being probed to try to find out information on what we were doing as far as our vaccine systems," she explains. "It could be to disrupt supply chain. If they chose to do that they could have an advantage over the United States. I think it's well known, we see in the news, countries such as China have been known to be more aligned with taking those actions towards espionage and others are more disruptive in nature."
Several types of worms, viruses
Though some of the widely reported breaches highlight potential weaknesses in passwords, North Carolina IT officials are identifying three main avenues for cybercriminals to infiltrate computer networks.
The first is a targeted attack on a specific entity through a business email compromise. In this instance, a hacker will forge a business email to look like a common communication or transaction. The goal is to trick users into conducting bank transactions where money is transferred or wired into an account controlled by the attacker.
Second, criminals are increasingly using a tactic known as ransomware, where a hacker infiltrates the network, generally through a phishing email, blocks access to it and encrypts the organization's data using malware. The data then stays encrypted and unreachable until the company (or government) pays a certain amount of cash. This type of attack, Thompson explains, is either a crime of opportunity or targeted.
The third form of attack is phishing, where the attacker's motive is to obtain credentials like passwords to gain access to sensitive data like banking information, health data, Social Security numbers and more.
Thompson, the State Chief Risk Officer, says criminals may use these tactics where and when they know a company or institution does not have the resources or cybersecurity personnel to adequately defend its network.
"Generally speaking the attacks we've seen haven't been targeted - it's just been opportunistic," she explains. "The way the emails are crafted, it creates an emotional action from the end user, whether it's an urgent or important subject that gets your attention."
For Peter Marks and the WakeMed cybersecurity team, it's another reminder that even the best firewalls and digital security layers cannot make up for lapses in judgment.
"Your best defense is your people."