WASHINGTON (AP) — The FBI has foiled a planned cyberattack on a children’s hospital in Boston that was supposed to be carried out by hackers backed by the Iranian government, FBI Director Christopher Wray said Wednesday.
Wray told a Boston College cybersecurity conference that his agents learned of the planned digital attack from an unspecified intelligence partner and gave Boston Children’s Hospital the information it needed last summer to “block one of the most heinous cyberattacks that I’ve ever seen ”
“And quick action by everyone involved, especially at the hospital, protected both the network and the sick children who depended on it,” Wray said.
The FBI chief shared this anecdote in a broader speech on cyber threats from Russia, China and Iran and the need for partnerships between the US government and the private sector.
He said the office and Boston Children’s Hospital worked closely after a hacktivist attacked the hospital’s computer network in 2014. Martin Gottesfeld launched a cyberattack on the hospital to protest the care given to a teenager at the center of a high-profile custody battle; Gottesfeld was later sentenced to 10 years in prison. The attack on the hospital and a treatment home cost facilities tens of thousands of dollars and disrupted operations for days.
“Children’s and our Boston office already knew each other well – before the attack from Iran – and that made a difference,” Wray said.
He attributed no specific motive to the planned attack on the hospital, but noted that Iran and other countries have hired cyber mercenaries to carry out attacks on their behalf. Additionally, healthcare and the public health sector are classified by the US government as one of 16 critical infrastructure sectors, and healthcare providers such as hospitals are considered ripe targets for hackers.
When it comes to Russia, he said, the FBI “runs” to warn potential targets of preparatory actions hackers are taking for destructive attacks. In March, for example, the FBI warned that hackers had become more interested in energy companies since the start of Russia’s war against Ukraine.
Hackers from China have stolen more corporate and personal information from people in the United States than all other nations combined, as part of a broader geopolitical goal to “lie, cheat, and steal their way into global designation of global sectors.” said Wray.
The speech came as the FBI continues to fight ransomware attacks by criminal gangs, an ongoing concern for US officials, though there have been no crippling intruders in recent months.
Wray emphasized the need for private companies to work with the FBI to thwart ransomware gangs and nation-state hackers.
“Through these partnerships, we can hit our adversaries at every point – from the victims’ networks to the hackers’ own computers,” Wray said.
The FBI and other federal agencies have worked to reassure hacker victims that it is in their best interest to report break-ins and cybercrime. Many companies targeted by ransomware gangs often do not go to the FBI for a variety of reasons.
Ohio Senator Rob Portman, the top Republican on the Senate Homeland Security and Government Affairs Committee, released a report earlier this year criticizing the FBI’s response to some ransomware victims. In two cases, the FBI “prioritized its investigative and prosecuting efforts to disrupt attacker operations over victims’ need to protect data and mitigate harm,” the report said.
An unnamed Fortune 500 company told committee staff that the FBI had not offered “helpful assistance” in responding to a ransomware attack.
However, Wray cited the FBI’s ability to get a technically trained agent to any victimized company within an hour — “and we use it a lot.”
Suderman reported from Richmond, Virginia.
Follow Eric Tucker on Twitter at http://www.twitter.com/etuckerAP.
Copyright 2022 The Associated Press. All rights reserved.