The Russian hackers, believed to be based in Moscow and St. Petersburg, have been trading a list of more than 400 hospitals they plan to target, according to Alex Holden, the founder of Hold Security, who shared the information with the F.B.I. Mr. Holden said the hackers claimed to have already infected more than 30 of them.
On Wednesday, three government agencies — the F.B.I., the Department of Health and Human Services and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency — warned hospital administrators and security researchers about a “credible threat” of cyberattacks to American hospitals, according to a security executive who listened to the briefing.
Officials and researchers did not name the affected hospitals, but Sonoma Valley Hospital in California said it was still trying to restore its computer systems after an intrusion last week. St. Lawrence Health System in New York confirmed that two of its hospitals, Canton-Potsdam and Gouverneur, were hit by ransomware attacks Tuesday morning that caused them to shut down computer systems and divert ambulances. Sky Lakes Medical Center in Oregon was also crippled by a ransomware attack Tuesday that froze electronic medical records and delayed surgeries, a hospital representative said.
Employees at that hospital, in Klamath Falls, Ore., were told, “If it’s a P.C., shut it down,” said Thomas Hottman, the public information officer at Sky Lakes.
It was unclear whether those attacks were related to the hacking campaign underway. But the latest breaches were linked to the same Russian hackers who held Universal Health Services, a giant network of more than 400 hospitals, hostage with ransomware last month in what was then considered the largest medical cyberattack of its kind.