Dive Brief:
- A Ukrainian national pleaded guilty last week for his role in two cybercrime schemes, including a ransomware attack against a Vermont hospital that limited operations for weeks.
- Vyacheslav Igorevich Penchukov helped lead a criminal group that infected computers with malware called IcedID or Bokbot, which could be used to collect personal information, like banking account credentials, or to ransom victims, according to the Department of Justice.
- Ransomware has become a critical threat to the healthcare sector. The attack against the University of Vermont Medical Center in 2020 cost the hospital about $65 million, and cut off key functions for more than a month.
Dive Insight:
Penchukov, who was on the FBI’s Cyber Most Wanted List, pleaded guilty to one count of conspiracy to commit a Racketeer Influenced and Corrupt Organizations (RICO) Act offense for his role in an earlier malware group, and one count of conspiracy to commit wire fraud for his leadership in the IcedID attacks.
He faces a maximum penalty of 20 years in prison for each count, according to the DOJ.
“Malware like IcedID bleeds billions from the American economy and puts our critical infrastructure and national security at risk,” U.S. Attorney Michael Easley for the Eastern District of North Carolina said in a statement.
The guilty plea comes as cyberattacks against the healthcare industry have spiked, pushing regulators to consider stricter cybersecurity requirements and release resources to help organizations boost their protections.
From 2018 to 2022, the HHS tracked a 278% increase in large data breaches reported to the Office for Civil Rights involving ransomware, a type of malware that denies users access to their data until a ransom is paid.
The attacks can disrupt hospital operations and delay patient care, which can be a serious safety threat.
After the University of Vermont Medical Center was hit by ransomware in October 2020, it took about a month for the hospital to regain access to its electronic medical records system, forcing the hospital to use paper instead, according to a report from VTDigger.
The medical center’s phone systems were also taken down in the early days of the attack, Stephen Leffler, president and chief operating officer of the University of Vermont Medical Center, said in a House subcommittee hearing last year.
The provider restored access to secure email after 25 days, and radiology viewing systems took 40 days to come back online, according to a report published last year by the HHS 405(d) program, which aims to provide cybersecurity best practices for the healthcare sector.
“The cyberattack was much harder than the pandemic by far,” Leffler said during the hearing.