FBI: Iran Behind Cyberattack on Boston Hospital

On June 1, FBI Director Christopher Wray alleged that Iran-backed hackers targeted Boston Children’s Hospital in “one of the most despicable cyberattacks” he has seen. Hackers attempted to infiltrate the facility’s computer network in June 2021, but the FBI warned the hospital, then helped identify and mitigate the threat in time. “Quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it.”

Iran’s U.N. mission called the allegation “baseless.” It is “an example of psychological warfare against Iran and thus of no value,” spokesman Shahrokh Nazemi told CNN. But Wray charged that the incident was one of several “sophisticated intrusions targeting U.S. victims.”

In November 2021, the U.S., Australian and British cybersecurity agencies issued a joint advisory chronicling a series of cyberattacks linked to Iran dating back to at least early 2021. Iranian government-sponsored hackers “are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organizations,” the agencies warned in a statement released in all three countries. It detailed an attempted cyberattack on an unnamed children’s hospital in June 2021. In March 2022, Wray also mentioned an Iran-sponsored attack on a children’s hospital but did not name Boston Children’s Hospital. The following are Wray’s remarks on June 1, 2022 about the attack.

 

FBI Director Christopher Wray

Remarks as prepared for delivery on June 1, 2022:

“China and Russia aren’t the only nation states exhibiting malicious behavior on the international stage. Iran and North Korea also continue to carry out sophisticated intrusions targeting U.S. victims.

“In fact, in the summer of 2021, hackers sponsored by the Iranian government tried to conduct one of the most despicable cyberattacks I’ve seen—right here in Boston—when they decided to go after Boston Children’s Hospital.

“Let me repeat that, Boston Children’s Hospital.

“We got a report from one of our intelligence partners indicating Boston Children’s was about to be targeted. And, understanding the urgency of the situation, the cyber squad in our Boston Field Office raced to notify the hospital.

“Our folks got the hospital’s team the information they needed to stop the danger right away. We were able to help them ID and then mitigate the threat.

“And quick actions by everyone involved, especially at the hospital, protected both the network and the sick kids who depend on it.

“It’s a great example of why we deploy in the field the way we do, enabling that kind of immediate, before-catastrophe-strikes response.”