Cyber Incident Victim: Wyckoff Heights Medical Center

Date: Oct 2020

Location: United States of America

Summary

Wyckoff Heights Medical Center suffered a Ryuk ransomware attack that encrypted numerous devices, prompting partial network shutdowns to contain the infection. The incident disrupted operations at the Brooklyn-based hospital, though specific impacts on patient treatment or potential diversions remained unclear. This attack was part of a broader campaign targeting U.S. healthcare entities, attributed to the Eastern European threat group UNC1878, which aimed to compromise hundreds of hospitals. Concurrently, multiple facilities within the University of Vermont Health Network experienced cyberattacks causing appointment delays and elective procedure rescheduling, though critical care services were maintained. Federal agencies issued warnings about the heightened ransomware threat, noting a significant surge in attacks against the healthcare sector during this period.

Description

On October 28, 2020, Wyckoff Heights Medical Center, a 350-bed teaching hospital in Brooklyn, New York, suffered a Ryuk ransomware attack attributed to the Eastern European cybercrime group UNC1878. The attack encrypted numerous devices across the hospital's network, forcing administrators to shut down portions of their infrastructure in an attempt to contain the infection. Despite these containment efforts, the ransomware had already propagated widely before mitigation actions were implemented. The encryption of critical systems disrupted normal operations, though specific details regarding affected medical equipment, patient data compromise, or financial demands were not publicly disclosed by the hospital. BleepingComputer confirmed the incident through direct communication with a hospital employee, but Wyckoff administration did not respond to requests for comment regarding operational impacts, potential patient diversions, or treatment delays.

This incident occurred amid a coordinated ransomware campaign targeting U.S. healthcare providers, with the Cybersecurity and Infrastructure Security Agency (CISA) issuing an emergency alert on October 28 warning of "increased and imminent" threats to hospitals. UNC1878, identified by Mandiant as the perpetrator group, reportedly intended to attack hundreds of healthcare facilities. Concurrent attacks affected the University of Vermont Health Network—forcing rescheduling of elective procedures at its Burlington facility—along with Sky Lakes Medical Center and St. Lawrence Health System. Check Point Research documented a 71% surge in U.S. healthcare ransomware attacks during October 2020, with Ryuk specifically noted for decryption flaws that risked file corruption. Cybersecurity firm Emsisoft publicly offered free recovery assistance to healthcare providers during the pandemic, including optimized decryption tools to mitigate risks from the ransomware's inherent technical deficiencies. The FBI collaborated with affected institutions on investigations, though no resolution details or recovery timelines for Wyckoff were disclosed in available reports.
