Business Continuity Management / Disaster Recovery , Critical Infrastructure Security , Cybercrime
FBI: Hospital Averted 'Despicable' Iranian CyberattackFBI Director Says Boston Children's Hospital Was Targeted Last Summer
Boston Children's Hospital thwarted a cyberattack by government-backed Iranian hackers last summer after U.S. authorities received intelligence about the pending assault and alerted the hospital, says FBI Director Christopher Wray.
See Also: Live Webinar | Education Cybersecurity Best Practices: Devices, Ransomware, Budgets and Resources
Wray, during a speech at Boston College on Wednesday about escalating nation-state cyberthreats, said the plan by Iran was for "one of the most despicable cyberattacks" he's seen.
"We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted," he said. "And, understanding the urgency of the situation, the cyber squad in our Boston Field Office raced to notify the hospital."
The FBI provided information to help the Harvard-affiliated hospital to immediately stop the danger, according to Wray. "We were able to help them ID and then mitigate the threat. Quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it," he said.
The information sharing and quick action is "a great example of why we deploy in the field the way we do, enabling that kind of immediate, before-catastrophe-strikes response," Wray said.
Brett Callow, a threat analyst at security firm Emsisoft says the averted Boston Children's Hospital incident spotlights the important role of cyber information sharing and collaboration.
"Public-private sector cooperation is a critical component of counter-ransomware efforts and can be the difference between an attack on a hospital succeeding and putting lives at risk or that attack being blocked," he says.
"More broadly, that cooperation is key to increasing threat actors' risks while simultaneously reducing their rewards, as demonstrated by the multiple-million-dollar losses incurred by BlackMatter as a result of such cooperation," Callow says. "There’s no quick and easy fix to the ransomware problem. But by sectors pulling together, it can be tackled in the longer term."
Wray did not specify the type of attack planned by Iran on Boston Children's Hospital. CNN reports that a special agent in the FBI's Boston field office says ransomware was not deployed in the incident.
Boston Children's Hospital in a statement to Information Security Media Group says: "Thanks to the FBI and our Boston Children's Hospital staff working so closely together, we proactively thwarted the threat to our network." The hospital declined ISMG's request for additional details about the incident.
Last August, a threat actor reportedly claimed he had hacked into a Massachusetts-based HVAC vendor, ENE Systems, and had been able to remotely access ENE’s customers' systems, including obtaining snapshots of wiring schematics for Boston Children's Hospital (see: Alleged HVAC Hack Shines Spotlight on OT Risks to Healthcare).
The hospital at the time told ISMG it had been aware that one of its vendors had a security compromise to its network environment, but said there was no risk to either its hospital operations or business operations as a result of this incident and that no patient information was affected.
In 2014, a hacktivist launched distributed denial-of-service attacks on Boston Children's Hospital and another local facility to protest a controversial child custody involving the two entities.
The attacks disrupted the hospital's network for at least two weeks and hampered internet connectivity of other Boston area hospitals.
In 2019, the hacktivist was sentenced to 10 years in federal prison and ordered to pay nearly $443,000 in restitution.