Using a tactic known as "swatting," threat actors are targeting medical institutions via their patients, in order to convince hospitals to pay ransom demands.
Swatting is an extreme form of prank-calling in which calls are repeatedly made to the police about a certain individual — in this case patients — regarding bomb threats or other highly concerning allegations, leaving authorities no choice but to show up at these unknowing victims' homes heavily armed.
These threat actors seem to think that putting this kind of pressure on US hospitals will force a ransom payment if it means patients will stop being targeted. One example followed the theft of medical records from Fred Hutchinson Cancer Center in Seattle last November: the threat actors in that case threatened to heighten the stakes by targeting the center's patients with the swatting technique.
"Fred Hutchinson Cancer Center was aware of cybercriminals issuing swatting threats and immediately notified the FBI and Seattle police, who notified the local police," a spokesperson stated. "The FBI, as part of its investigation into the cybersecurity incident, also investigated these threats."
Similarly, Integris Health in Oklahoma experienced its own cyber-incident in which threat actors potentially accessed patients' personal data. Some of those patients ultimately began to receive emails from threat actors preparing to sell their personal information if demands were not met.
These extreme measures of extortion are only part of an escalation of tactics that cyber professionals have tracked over the years, though whether these tactics actually result in a ransom payment depends on each institution.