Homeland Security Secretary Alejandro Mayorkas is warning that the next cyberattack could end up killing people — a dangerous and imminent shift from ransomware to "killware."
In an interview with USA Today, Mayorkas noted that the Colonial Pipeline ransomware attack in April, which shut down much of the gas supply along the East Coast, was distracting from a far more egregious hack.
"And that is an attempted hack of a water treatment facility in Florida, and the fact that that attack was not for financial gain but rather purely to do harm," he told the newspaper.
The hack almost led to the contamination of much of the water supply in Oldsmar, Florida, with a remote hacker attempting to increase the amount of sodium hydroxide 100 fold. The chemical, more commonly known as lye, is lethal at higher undiluted concentrations.
"The attempted hack of this water treatment facility in February 2021 demonstrated the grave risks that malicious cyber activity poses to public health and safety," Mayorkas told USA Today. "The attacks are increasing in frequency and gravity, and cybersecurity must be a priority for all of us."
Thanks to the rise of internet-connected devices all across America, hackers have far more potential weaknesses to exploit.
Eventually, cyber attackers could end up posing a very real threat. In a July report, security firm Gartner warned that "cyber attackers will have weaponized operational technology environments to successfully harm or kill humans" by 2025.
Even more worrying than the Oldsmar incident is the potential of hackers targeting hospitals. Such an attack could lead to patients suffering grave long-term consequences to their health and even risk dying.
Worse yet, private healthcare providers are often not reporting ransomware hacks to the government, according to USA Today.
Earlier this month, a woman sued a hospital after it failed to report a ransomware attack that reportedly led to the death of her newborn child. Hackers gained control over the Springhill Medical Center in Alabama back in 2019. The hospital never acknowledged the attack, according to The Wall Street Journal.
According to Gartner's report, it will soon make financial sense to take the threats seriously and take precautionary action.
"Even without taking the actual value of a human life into the equation, the costs for organizations in terms of compensation, litigation, insurance, regulatory fines and reputation loss will be significant," the report reads.
It's a troubling development that should serve as a warning sign. Many parts of the country's critical infrastructure are more vulnerable than ever — and lives are at stake.
READ MORE: The next big cyberthreat isn't ransomware. It's killware. And it's just as bad as it sounds. [USA Today]
More on cyberattacks: Cyberattack on Farming Group Could Lead to Food Shortages