Boston Children’s Hospital was target of cyberattack thwarted by FBI

An August 2021 state-sponsored cyberattack on Boston’s Children’s Hospital was stopped in its tracks by a quick federal response, FBI Director Christopher Wray revealed on June 1.

The close call is evidence of the risks posed by nation state actors, said Wray, who was speaking at the Boston Conference on Cyber Security.

“In the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks I’ve seen – right here in Boston – when they decided to go after Boston Children’s Hospital,” said Wray.

“We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted,” he said. “And, understanding the urgency of the situation, the cyber squad in our Boston Field Office raced to notify the hospital.

“Our folks got the hospital’s team the information they needed to stop the danger right away. We were able to help them ID and then mitigate the threat.” he added.

The 395-bed facility Boston Children’s Hospital confirmed to Reuters that its work with the FBI had “proactively thwarted the threat to our network.”

Earlier this spring, Wray had alluded to “hackers sponsored by the Iranian government [compromising] a U.S. children’s hospital,” but these were his most specific comments on the incident yet. 

According to a report from Boston’s WCVB the FBI first learned of the attempted attack “from another intelligence agency.” The bureau contacted the hospital on August 3, 2021, and, over a 10-day period, worked with the hospital in response to the threat, according to the station.

In his comments at Boston College, Wray said the incident is another real-world example of the meddling that geopolitical adversaries are capable of, and illustrative of the cybersecurity risk posed by nation state actors.

“We’ve got to hold the line on multiple fronts – all at once – to help people and businesses protect themselves, to support victims, and to inflict costs on criminals,” he said. “And we can’t let up on China or Iran or criminal syndicates while we’re focused on Russia. So that’s what we’re doing, taking on all these threats and shifting resources quickly to respond.”

This is not the first time Boston Children’s Hospital has had to fend off a major cyberattack. One of its previous experiences could not be nipped in the bud like this one.

In 2014, the hospital famously had to spend more than a week fighting back against a massive and sustained DDoS attack from the hacktivist group Anonymous. (Watch a video of Boston Children’s then-CIO, Dr. Daniel Nigrin, discussing the attack here.)

The FBI can be a hugely helpful resource when hospitals are dealing with the immediate response to ransomware or other attacks. I recently spoke with two special agents, who offered some advice about when and how to engage with the Bureau during a cyber incident.

Meanwhile nation states and others are still probing healthcare organizations and looking for areas to exploit. This past November, the Cybersecurity and Infrastructure Security Agency issued an alert for an Iran-sponsored hacker group targeting healthcare.

As the Russia-Ukraine war drags on, federal agencies say U.S. healthcare organizations need to be “shields up” to mitigate against potential foreign threats.

“It’s possible Iran aimed to disrupt and harass U.S. targets in a manner similar to what they have been doing in Israel,” said John Hultquist, VP of Mandiant Intelligence, in a statement sent to Healthcare IT News in response to the Boston news.

“Iranian actors are using criminal methods like ransomware and data leaking to target vulnerable populations in targeted countries,” he explained. “This incident is similar in many respects to an intrusion which targeted an app used by the LGBTQ community in Israel. These methods allow Iran to carry out regular cyberattacks under the façade of normalized criminal activity.”

“The terrifying reality of the Boston Children’s Hospital cyberattack is that there are motives behind these types of despicable cyberattacks,” said Alon Nachmany, field CISO of AppViewX, in another statement sent to HITN.

“While some countries rely on cyber warfare for political gain, other countries, including North Korea, Iran and now Russia, rely on hacking for income. In fact, an estimated 8% of North Korea’s 2020 GDP was from cybercrime.”

Twitter: @MikeMiliardHITN
Email the writer: [email protected]

Healthcare IT News is a HIMSS publication.