FBI Blocked Iranian-Backed Cyberattack on Boston Children’s Hospital Last Year

FBI Director Christopher Wray said the bureau thwarted an Iranian government-backed cyberattack against Boston Children’s Hospital in 2021.

By Jill McKeon

Federal Bureau of Investigation (FBI) Director Christopher Wray revealed that Iranian government-backed hackers attempted to execute a cyberattack against Boston Children’s Hospital in June 2021.

In a speech delivered at Boston College during the Boston Conference on Cyber Security, Wray called the incident “one of the most despicable” cyberattacks he had ever seen.

“We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted. And, understanding the urgency of the situation, the cyber squad in our Boston Field Office raced to notify the hospital,” Wray said.

“Our folks got the hospital’s team the information they needed to stop the danger right away. We were able to help them ID and then mitigate the threat. And quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it.”

The FBI successfully stopped the hackers before they did severe damage to the 400-bed hospital’s network. But the event highlighted the serious risks posed by government-sponsored cyber actors from Iran, Russia, China, and North Korea, Wray said.

The FBI and the Cybersecurity and Infrastructure Security Agency (CISA) alluded to the attack in November 2021, when they released an advisory warning the healthcare and transportation sectors about an Iranian government-sponsored advanced persistent threat (APT) group that had been exploiting Microsoft Exchange ProxyShell and Fortinet vulnerabilities.

The advisory detailed a June 2021 attack against an unnamed US children’s hospital and said that an APT group had accessed known user accounts from an IP address that the agencies associated with the Iranian government. The group exploited a FortiGate appliance to access environmental control networks associated with the hospital.

In the November advisory, the FBI and CISA urged organizations to patch and update operating systems, evaluate and update blocklists and allowlists, implement backup and restoration policies, and work to secure all accounts.

“Unfortunately, hospitals these days—and many other providers of critical infrastructure—have even more to worry about than Iranian government hackers,” Wray continued in his speech.

“If malicious cyber actors are going to purposefully cause destruction or are going to hold data and systems for ransom, they tend to hit us somewhere that’s going to hurt. That’s why we’ve increasingly seen cybercriminals using ransomware against U.S. critical infrastructure sectors.”

A joint advisory released in February 2022 by cybersecurity authorities in the US, Australia, and the UK underscored the vulnerability of critical infrastructure to cyberattacks.

CISA, the FBI, and the National Security Agency (NSA) observed ransomware attacks against 14 of the 16 US critical infrastructure sectors last year.

“Ransomware gangs love to go after things we can’t do without,” Wray acknowledged.