INTERPOL Issues Warning About Increase in Ransomware Attacks on Hospitals

Hospitals, research facilities and other healthcare organizations on the front line in the fight against the 2019 Novel Coronavirus and COVID-19 are not only facing incredible challenges treating patients; they are also having to fend off ransomware attacks.

Some threat groups have publicly stated that they will not be attacking healthcare organizations during the COVID-19 public health emergency, but there are still some highly active groups that are targeting the healthcare industry.

The threat of attack has grown in recent weeks. INTERPOL’s Cybercrime Threat Response announced it “has detected a significant increase in the number of attempted ransomware attacks against key organizations and infrastructure engaged in the virus response.”

The rise in attacks prompted INTERPOL to release a Purple Notice to all 194 member countries warning of the increase. INTERPOL is gathering intelligence on the threat actors conducting the attacks and has stated that it is helping healthcare organizations to prevent attacks and recover quickly when attacks succeed.

Attacks on hospitals often result in the encryption of patient data, including medical records. Without access to data and hospital IT systems, patients’ lives are placed at risk. At such a critical time when healthcare organizations are struggling to cope with the number of critically ill COVID-19 patients, any disruption caused could directly lead to patient deaths.

“INTERPOL continues to stand by its member countries and provide any assistance necessary to ensure our vital healthcare systems remain untouched and the criminals targeting them held accountable,” said INTERPOL Secretary General Jürgen Stock.

INTERPOL warned that the majority of ransomware attacks on healthcare organizations involve the delivery of malware payloads via malicious attachments in spam email. Ransomware is either downloaded directly by malicious code in the attachments or as a secondary payload downloaded by other malware variants delivered via email.

Some ransomware gangs are exploiting vulnerabilities in software, and attacks have been conducted on vulnerable VPN devices and clients, so prompt patching is essential.

INTERPOL’s advice is to ensure that all software, hardware, and operating systems are kept up to date, that all data is backed up and the backups are stored on an air-gapped device, and that antivirus software is downloaded on all systems and mobile devices, is always running, and has up-to-date virus definitions. Strong, unique passwords should be set to prevent brute force attempts to guess passwords, and those passwords should be changed regularly. Staff should also be trained not to open attachments or click links in unsolicited emails.

Author: Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news