Washington – Iranian-backed hackers launched an unsuccessful cyber attack against Boston Children’s Hospital in the summer of 2021, FBI Director Christopher Wray revealed Wednesday.
Speaking at a cybersecurity conference hosted by Boston College, Wray said when the FBI was alerted to malicious activity by an “intelligence partner,” agents in the Boston Field Office “raced” to identify and mitigate the threat.
The foiled attack, which could have involved an array of threats — a system-wide shutdown that could have affected care of children who were patients at the hospital or ransom demands — was planned by hackers who were deemed an “Advanced Persistent Threat” by the bureau and linked to Iran, according to a government official familiar with the matter.
Iran’s attempted hack was “one of the most despicable cyberattacks I’ve seen,” Wray said, adding the “quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it.”
The FBI had very little lead time to defend against the attack, according to a government official familiar with the matter, but the FBI was in touch with the children’s hospital shortly after being alerted.
Working with the FBI and its own cybersecurity division, Boston Children’s was able to thwart the attack. A senior government official says investigators are not aware of any entry made by the hackers into the hospital’s computers.
Wray told attendees at the cyber conference that the FBI’s quick work and partnership with the hospital is a testament to the importance of cooperation between the private sector and federal investigators in stopping malicious and often state-sponsored cyberattacks.
“Thanks to the FBI and our Boston Children’s Hospital staff working so closely together, we proactively thwarted the threat to our network,” the hospital said in a written statement.
Ransomware attacks also have long-term negative impacts on hospitals, according to the Cybersecurity and Infrastructure Security Agency (CISA).
An analysis released by CISA last October highlighted a troubling relationship between cybersecurity intrusions and loss of life, particularly among hospitals that have reached “crisis standards of care” in states forced to ration resources after ICU beds filled up amid the pandemic.
The attacks also complicate long-term patient care as hospital staff are led to spend “more time tracking a patient’s health history.”
“Downstream effects include canceled or delayed surgeries and cancer treatments, closure of several COVID-19 test collection sites, inability to submit radiology imaging and loss of communication between hospitals in the network,” the report found. “This forced critical patient diversion, paper-based record keeping and suspension of care to high risk patients.”
The intent of the hackers remains unclear.
In March, Wray called out Iranian government-linked hackers for launching a cyberattack on a children’s hospital. But in a significant disclosure Wednesday, the FBI director revealed that the hospital was Boston Children’s.