Threat Intel: Johnson Controls International (JCI) Hit by Ransomware Attack

Vicki Michaeli
Sep 29, 2023
Threat Intelligence

Ransomware Attack Information

Johnson Controls International (JCI) has suffered what is described as a massive ransomware attack that encrypted many of the company's devices, including VMware ESXi servers, impacting the company’s and its subsidiaries’ operations.

Systems & Assets Affected in Healthcare Environments

JCI is one of the most common building automation vendors operating in healthcare organizations. So far, the breach seems limited to the company and several of its subsidiaries. At this time there appears to be no impact on systems installed in customer sites. The impact on customers has so far been limited to JCI-operated systems such as customer support portals.

Widespread impact on the healthcare community is unlikely, but it would introduce critical issues if it were to occur. Namely, the disruption of JCI building management systems such as HVAC would directly affect patient care.

Cynerio is actively monitoring customer environments for indicators of JCI-related attacks and will notify customers directly in the event of a suspected incident.

How Are Organizations Being Targeted?

Threat actors are actively targeting Operations Technology (OT) and Control Systems (CS) in several ways:

  • Spearphishing
  • Deployment of commodity ransomware
  • Connecting to Internet-accessible PLCs and modifying control logic and parameters
  • Downloading modified control logic and hacking controllers via ports and standard application layer protocols
  • Exploiting vendor software to get unauthorized access

How Can This Impact Health Care?

A breach can directly impact clinical workflow and the ability to deliver critical medical care:

  • OT networks and communications can become unavailable or be rendered inoperable
  • Organization-wide workflow disruptions
  • Loss of access by authorized personnel
  • Damage to productivity jeopardizes patient safety and confidentiality, can compromise business integrity, and result in significant revenue losses

How Can Cynerio Help Mitigate the Threats?

Step 1: Deploy Attack Detection & Response to detect and respond to ransomware and other attacks

Step 1: Ensure uninterrupted medical services and organizational workflow by documenting impact of systems and assets before potential disconnection

Step 2: Inform disconnection of low-priority functionalities from systems to decrease risk

Step 3: Harden your network with North-South and East-West segmentation, vendor access management, software updates, and patching

Step 4: Create a network map of all connected devices, including OT systems and assets

Step 5: Conduct continuous monitoring and cyber risk assessments

Cynerio is offering a free risk assessment for healthcare organizations who may be affected. To schedule a free risk assessment for your healthcare network, contact us today.
