FBI Stopped ‘Despicable’ Cyberattack on Boston Children’s Hospital

In 2021, the Federal Bureau of Investigation (FBI) assisted Boston Children’s Hospital counter a cyberattack executed by Iranian state-sponsored hackers and avoided any problems. FBI Director, Christopher Wray called the attempted cyberattack a despicable cyberattack.

During the Boston Conference on Cyber Security, Director Wray stated that Iranian state-sponsored attackers took advantage of a vulnerability found in a famous software program produced by the Californian cybersecurity provider Fortinet. The FBI was notified concerning the breach and the imminent attack by yet another intelligence organization and advised the hospital last August 3, 2021. Wray mentioned that the FBI had a meeting with the hospital associates and presented information that enabled the hospital to recognize and offset the threat.

Wray explained this was a good illustration of why they work in the industry allowing that kind of instant, before-catastrophe-happens acts, and spelled out that the incident serves to advise all healthcare companies to make certain they have an incident response program that involves the FBI. Wray stated this incident demonstrates the threat of strong consequences of cyberattacks by nation-state hackers from Iran, China Russia, and North Korea. He furthermore mentioned they should never let up on China or Iran or criminal groups although they were centered on Russia.

Last November 2021, the Cybersecurity and Infrastructure Security Agency (CISA), together with the FBI, the National Cyber Security Centre (NCSC) in the UK, and the Australian Cyber Security Centre (ACSC) published a security notification cautioning the healthcare segment and providers of critical infrastructure concerning an Iranian nation-state Advanced Persistent Threat actor who has been taking advantage of Microsoft Exchange as well as Fortinet vulnerabilities to take records, carry out ransomware attacks and demand dollars from affected individuals.

Wray was unable to identify what sort of attack the hacker was trying to perform, simply that a cyberattack might have ruined the system, which might have had a disastrous result on the sick young children that count on it. The cyberattack involved looks like conducted by means of an HVAC vendor.

In August 2021, a threat actor got in touch with Databreaches.net and showed proof of an assault on an HVAC provider and said that they had accessed the HVAC vendor’s networks and furthermore acquired access to the systems of a children’s hospital. It was affirmed that the HVAC company involved offers assistance to the Harvard-associated hospitals, Brigham & Women’s Hospital, Mass General Hospital, and Boston Children’s Hospital.

Boston Children’s Hospital had experienced attacks in 2014. The hospital encountered a number of attacks that upset its networks for over a week. The attacks were performed to get back at how the hospital addressed the custody battle case of Justina Pelletier. The person responsible for that attack was caught and charged. He got sentenced to ten years imprisonment last 2019.

Elizabeth Hernandez

Elizabeth Hernandez is the editor of HIPAA News section of HIPAA Coach and an experienced journalist in the healthcare sector. She specializes in healthcare and HIPAA compliance, making her a go-to source for information on healthcare regulations. Her work focuses on the importance of patient privacy and secure information handling. Elizabeth also has a postgraduate degree in journalism. Follow on Twitter: You can follow Elizabeth on twitter at https://twitter.com/ElizabethHzone