BOSTON – Iranian government backed hackers attempted a cyberattack against Boston Children’s Hospital in August 2021 which could have disrupted health care services, FBI Director Christopher Wray said Wednesday.
“In the summer of 2021 hackers sponsored by the Iranian government tired to conduct one of the most reprehensible cyberattacks I’ve ever seen – right here in Boston – when they decided to go against Boston Children’s Hospital,” Wray said.
According to the director, the FBI contacted the hospital on Aug. 10 of last year to advise them an attack by Iranian hackers was imminent.
“We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted and understanding the urgency of the situation the cyber squad in our Boston field office reached out to the hospital. Our folks got the hospital team the information they needed to stop the danger,” Wray said.
Over the next 10 days, according the the Bureau, the Boston Division met with representatives from the hospital seven times, “to provide support to Boston Children’s Hospital and address any concern with the (advanced persistent threat) actors’ activity.”
An advanced persistent threat is one which sits on a computer network, sometimes for years, before finally activating and providing bad actors access to systems. The term is generally used to describe activity by hackers with connection to a government.
“ATP actors have historically exploited critical vulnerabilities to conduct distributed denial of service (DDoS) attacks, ransomware attacks, structured query language (SQL) injection attacks, spear phishing campaigns, website defacements, and disinformation campaigns,” the FBI said in a release.
According to Wray, the work to prevent Iranian backed hackers from harming hospital resources began years ago during a different cyber attack. That partnership, he said, enabled the FBI to quickly deal with this threat, and it’s one he hopes other businesses will consider.
“We rely on companies to work with us … the way Boston Children’s Hospital did,” he said.
“Thanks to the FBI and our Boston Children’s Hospital staff working so closely together, we proactively thwarted the threat to our network,” a spokesperson for the Hospital told the Herald.
Wray highlighted the 2021 attack and the FBI’s partnership Wednesday morning at Boston College, where he was the keynote speaker during the school’s annual conference on cybersecurity.
He was joined by FBI Boston Division Special Agent-in-Charge Joe Bonavolonta, who said attacks like those threatening Boston Children’s are happening more and more often.
“Last year, across the United States, the FBI saw an unprecedented increase in malicious cyber activity,” he said.
He said the nation as a whole reported over $7 billion in losses due to cyber criminal activity.
“Here in the FBI Boston Division’s area or responsibility, which covers Maine, New Hampshire, Massachusetts and Rhode Island, victims reported losses of more than $184 million,” he said.
According to Bonavolonta, that is most likely the tip of a much larger iceberg.
“We know actual losses are much higher than that because not everyone reports these compromises to us,” he said.
Wray hopes that will change.
“You can rely on us to try and help you,” he said.
