Iranian government-backed hackers were behind an attempted hack of the Boston Children’s Hospital computer network last year, FBI Director Christopher Wray alleged Wednesday, calling it “one of the most despicable cyberattacks I’ve ever seen.”
The FBI was able to help thwart the hackers before they did damage to the hospital’s computer network, according to Wray, but he cited it as an example of the potential high-impact hacking threats that the US faces from the governments of Iran, Russia, China and North Korea.
“We cannot let up on China or Iran or criminal syndicates while we’re focused on Russia,” Wray said in a speech at Boston College.
The hack, which took place in June 2021, saw the attackers exploit popular software made by California-based firm Fortinet to control the hospital’s computer network, according to US officials.
Boston Children’s Hospital is a more than 400-bed facility and is considered one of the premier pediatric centers in the US.
The FBI got a tip about the Iranian hackers from a “valued partner within the intelligence community,” and the activity was thwarted before it was clear what the hackers’ end goal on the hospital’s network was, according to Joseph Bonavolonta, the special agent in charge of the FBI’s Boston Field Office.
“There was no ransomware deployed,” Bonavolonta told reporters Wednesday, “and we were able to work with [the hospital] ahead of time to mitigate any of the other potential associated threats to the network.”
Wray had previously said in March that the Iranian government-linked hackers were behind a cyberattack on a children’s hospital, but he didn’t name the hospital.
“Thanks to the FBI and our Boston Children’s Hospital staff working so closely together, we proactively thwarted the threat to our network,” Kristen Dattoli, a spokesperson for the hospital, said in a statement.
Shahrokh Nazemi, a spokesperson for Iran’s Permanent Mission to the United Nations, called the FBI claim a “baseless allegation” and “an example of psychological warfare against Iran and thus of no value.”
Ransomware and other hacking threats have stalked the health care system for years — and appear to have gotten worse during the coronavirus pandemic.
There were 134 publicly reported ransomware incidents involving health care organizations in 2021, up from 106 incidents in 2020, according to threat-intelligence firm Recorded Future.
The Boston Children’s Hospital incident was one of several that prompted a public warning last November from the FBI and other agencies that Iranian government-backed hackers were targeting a range of organizations across the transportation and health care sectors.
The advisory was a rare case of the US government publicly linking Iran with ransomware, which is typically used by cybercriminals rather than governments. But US officials and private analysts have long warned of collusion between foreign governments and criminal hacking groups.
When it comes to potential Russian hacking threats to the US, the FBI has been on a “combat tempo,” with a 24/7 command post, during the Kremlin’s war in Ukraine, Wray added.
“We’ve seen the Russian government taking specific preparatory steps towards potential destructive [cyber]attacks, both here and abroad,” he added.
Such a “destructive” hack — in which data or systems are destroyed — hasn’t been reported in the US since Russia’s invasion of Ukraine. But suspected Russian hackers have conducted a slew of destructive hacks in Ukraine, and US officials are warning businesses to not let their guard down.
The same network access gained by Russian operatives to collect intelligence could be used for a destructive hack, Wray warned. “That’s why, when it comes to Russia today, we’re focused on acting as early – as far ‘left of boom,’ as they say – as we can.”
“We’re watching for their cyber activities to become more destructive as the war keeps going poorly for them,” Wray said Wednesday.
This story has been updated with comment from Iran’s Permanent Mission to the United Nations.