close US warns of Russian cyberattack as bilateral tension mounts Video

US warns of Russian cyberattack as bilateral tension mounts

Cybersheath CEO Eric Noonan discussed the possibility of cyberwarfare with Russia as the war in Ukraine continues. 

Three and a half years ago, the Springhill Medical Center in Mobile, Alabama became the target of Russian based cybercriminals known as the Ryuk gang also known as Wizard Spider. The hackers locked up all of the hospital’s computers, medical records and equipment when Springhill refused to pay the ransomware.

It’s one example out of hundreds in the past three years of cyber hackers attacking unsuspecting hospitals and medical facilities knowing that if those hospitals’ systems are down, lives can be lost.

“These criminal groups have been deploying ransomware against these hospitals, trying to lock up data, in some cases lock up medical devices in order to cause life-threatening conditions that then would, in their view, get these organizations to be much more likely to pay a quick ransom and have them make a buck,” Dmitri Alperovitch, founder of Silverado Policy Accelerator explains.

 “It’s been really an epidemic over the last three years with a range of both rural hospitals, small organizations and major hospital networks being attacked on a continuous basis by these groups and in some cases having to pay hundreds of thousands of dollars in ransoms.” 


Now the nation’s top cyber defenders plan to make protecting hospitals and K-12 schools their priority in the New Year.

“We call these entities target rich, cyber poor,” CISA director Jen Easterly, explains in an exclusive interview. CISA, the Cybersecurity and Infrastructure Security Agency established to protect U.S. election infrastructure is now focusing on protecting the nation’s water, electric grid and infrastructure. Easterly is a former Army Intelligence officer, who helped establish U.S. Cyber Command at the NSA. Before that she hunted terrorists using cyber tools in Iraq and Afghanistan.

  • Woman in army uniform
    Image 1 of 2

    Jen Easterly in Army uniform (Jen Easterly)

  • Jen Easterly at West POint
    Image 2 of 2

    Photo of Jen Easterly as a West Point cadet (Jen Easterly)

“We have seen massive attacks on K through 12 schools and hospitals and in all manner of small businesses, which are really the engine of the US economy,” Easterly explained. “What we want to do is to make sure that these entities, which don’t have a lot of resources, have the tools, the resources, the capabilities and the information to be able to protect themselves.”

In the past three years cyberattacks on hospitals have surged, threatening patients’ information and access to care, and even resulting in some deaths. The average cyber-attack on health care systems has led to 19 days of patients unable to receive some form of care, according to data from the CyberPeace Institute. It has documented 272 total cyberattacks against the US healthcare sector in the United States averaging 2.3 per week over a two-year period starting in mid-2020.


37 hospitals

68 medical specialists

22 clinics

26 care providers

21 mental health and substance abuse facilities

2 ambulance services

8 laboratories and diagnostic centers

14 medical manufacturers

14 pharmaceuticals

1 national health system

16 medical manufacturing & development

Dates: June 5th 2020 to September 28th 2022

Source: CyberPeace Institute

CISA recently signed a memorandum of cooperation with Ukraine, whose cyber defenders have been fending off Russian attacks on their critical infrastructure for nearly a decade.

Twitter of the Ministry of Defense of Ukraine is displayed on a mobile phone screen Feb. 15, 2022. Ukraine has had to endure Russian cyberattacks for years.

Twitter of the Ministry of Defense of Ukraine is displayed on a mobile phone screen Feb. 15, 2022. Ukraine has had to endure Russian cyberattacks for years.
(Beata Zawrzel/NurPhoto via Getty Images)

“The Russians have been using the Ukrainians as their cyber sandbox for ten years,” Easterly said. “And so they’ve gotten really good. And I think that’s a lesson that we need to learn as Americans. We’re going to help them with capacity building around things like industrial control systems. I think there’s a ton we can learn from the Ukrainians because they have done a tremendous job and showed incredible resilience in their infrastructure.”

The Russians began launching cyber-attacks in Ukraine in 2014.

“They were honing their skills and at the same time, Ukraine was honing their defensive skills. And so it gave them practice and understanding how the Russians operate,” Easterly explained.


Shortly after Russian troops invaded Ukraine on Feb 24, 2020, it carried out a cyber-attack on Ukrainian communications by targeting ViaSat, the American communications company that was providing satellite modems that the Ukrainians were using. Ukraine turned to Elon Musk, who provided Starlink terminals to them that gave them an ability to keep communicating. More recently the attacks have simply been so-called “wiper attacks,” malicious code that just attempts to wipe data on a machine, according to cyber expert Alperovitch.

“I think in many ways, because of the high tempo operations that the Russians have been attempting to execute in Ukraine, they’ve not been able to sort of stop and plan something out that’s much more complicated and that would take months to plan because they’re probably getting a lot of internal pressure to just get things out and achieve some sort of effects,” Alperovitch said. “But in prior years, for example, in 2015 and 2016, they’ve executed very complex operations against the Ukrainian electric grid, turning off power to hundreds of thousands of homes for a few hours purely through cyber operations. So in many ways, they’ve been able to do these types of experimentations using Ukrainian networks effectively as a testing platform.”

A person works at a computer during the 10th International Cybersecurity Forum in Lille Jan. 23, 2018. 

A person works at a computer during the 10th International Cybersecurity Forum in Lille Jan. 23, 2018. 
(Philippe Huguen/AFP via Getty Images)

Then there was the famous Russian NotPetya attack which began in 2017 targeting Ukraine and spread around the world becoming the most destructive cyber-attack in history, according to the White House. 

“NotPetya was a fake ransomware. It masqueraded as a ransomware that would attempt to lock up your data and then ask for ransom to unlock it. But of course, there would be no way to actually unlock the data. It would permanently destroy it, and it leveraged what’s known as a supply chain vulnerability because instead of breaking into numerous companies, one by one, the Russians achieved scale by breaking initially into one company that was providing tax filing software for Ukrainian businesses to do electronic tax filings,” Alperovitch explained.

Through a malicious update in that software, they were able to infect numerous companies. Many of the companies in Ukraine also had Western affiliates and contractors. The virus spread quickly beyond Ukraine’s borders inflicting billions of dollars in damage.


“So many had to rebuild their networks from scratch. A company like Maersk, for example, a global shipping behemoth, their networks were completely down, so it had to go back to pen and paper to track their ships and their shipments, causing enormous complications and massive damage,” Alperovitch explained. “You had other major manufacturers like Merck and others that were impacted as well as a result of this attack. So they had to find backups and restore their data because it was basically at that point irreversibly destroyed.”

The Russian government paid no price for that attack.

Liz Friden is a Pentagon producer based in Washington, D.C.

Leave a Reply

Your email address will not be published. Required fields are marked *