Feds warn of rising threats against health care sector, doctors among assassination targets

CHICAGO (WLS) -- U.S. Homeland Security officials are warning of a growing tide of threats and violence targeting hospitals, doctors and the full spectrum of health care properties and providers.

The alert comes after a major cyberattack on Chicago's Lurie Children's Hospital on Jan. 31 took offline the hospital's main computer network, and affected medical and administrative functions, for weeks.

A cyberextortion group believed to be based in Russia called Rhysida has claimed responsibility for the cyberattack in underground or dark web forum posts.

In a post that cybersecurity experts shared with the I-Team, Rhysida is offering to sell Lurie Children's data to the highest bidder, with the auction starting at 60 bitcoins or $3.7 million.

RELATED: Lurie Children's Hospital officials confirm cyberattack came from 'known criminal threat'

Allan Liska, a cyberthreat analyst and ransomware researcher for the intelligence gathering company Recorded Future, has been monitoring Rhysida's actions.

"They're one of the smaller ransomware groups, but they're still responsible for at least 80 publicly reported attacks and likely a lot more," Liska said.

While fallout from the Lurie Children's Hospital attack is still being felt, the new warning from the Department of Homeland Security says health care institutions need to be on alert for "malicious cyber actors [that] target the Healthcare and Public Health Sector for financial gain, cyber espionage purposes or ideological reasons."

"[Health care facilities] are a prime target for ransomware groups. Not just politically, but also because health care garners a lot of attention," Liska said. "And because they're so critical, a lot of the ransomware operators think that they're more likely to get paid by hitting a health care facility."

Liska said the DHS warning highlights the need for health care sector officials to stay alert on specific computer system vulnerabilities and address them immediately.

"Ransomware groups are very quick to exploit vulnerabilities in healthcare systems -- software and web based utilities that are used by healthcare providers," Liska explained. "When ransomware actors see that there is a vulnerability announced, they're very quick to weaponize those vulnerabilities. And that means that patching those vulnerabilities becomes priority."

In the new health care alert, authorities report threats have now expanded from primarily COVID-related targets to ideological victims highlighted by abortion and threats against gender-affirming care facilities.

Violent agendas can span targets.

In 2017, an abortion clinic in central Illinois was hit by firebombs, and the downstate domestic terror group behind it, known as White Rabbits, bombed a mosque in Minnesota a few months later.

DHS officials are warning that since the pandemic era, there's also been a surge in "hoax bomb threats against hospitals" and even "calls to execute particular physicians, public officials, or pharmaceutical executives."

Liska tells the I-Team these types of threats aren't going away anytime soon, and the government needs to provide better funding for health care security.

"We also need to raise the stakes against ransomware groups," Liska said. "We need to set a line that shows that this is an unacceptable kind of attack. In any other context, an attack against a health care provider, or hospital specifically, is considered out of bounds."