EXECUTIVE SUMMARY:

In first world countries, the prospect of a few home-bound hackers hobbling a uniquely complex behemoth of a hospital and healthcare system may seem far off.

However, yesterday evening, US federal agencies announced that as many as 400 hospital systems and healthcare providers are at risk of an “increased and imminent cyber crime threat”. The attackers are likely to deploy ransomware that will freeze computers and connected devices. Facilities under attack are expected to be unable to operate normally. 

“We expect panic,” stated a hacker connected to the attacks. 

Four American hospitals have reported cyber attacks this week, leading to ambulance diversions and delays in care. 

How many cyber attacks have US healthcare and hospital systems seen this year?

Broadly speaking, ransomware attacks have seen a sharp increase this year, and the global pandemic renders hospital systems and healthcare facilities more vulnerable than ever before. 

Since July, hospitals in New York, Michigan, Oregon, Ohio and Nebraska struggled with ransomware attacks. 

Year to date, a total of 59 US providers/systems have experienced ransomware attacks. As a result, 510 medical facilities saw impact. Patient care was disrupted across facilities. 


Could delayed care caused by cyber threats result in fatalities?

Yes. Cyber attacks can result in life-or-death situations. Recently, an ambulance in Dusseldorf was redirected to another facility due to a cyber attack. The patient did not make it. 

Should hospitals postpone surgeries that involve IoT-based tools?

It’s an open question. 

How can hospital and healthcare groups recognize the beginning of an attack? 

Attacks may be delivered in the form of emails that mimic standard corporate communications. These emails may contain Google Docs or PDFs with malicious links. 

Alternatively, ransomware may start with other types of computer infections, such as TrickBot, Emotet, Dridex and Cobalt Strike. Security professionals should be sure to remove these as soon as they emerge.

Who’s behind these hospital system and healthcare focused plots? 

“The hackers are…the same group behind TrickBot,” reports the New York Times. A few short weeks ago, the United States Cyber Command and Microsoft tag-teamed to take down this group. However, it appears that the TrickBot operators have transitioned to new tools and techniques.

What else are experts saying about this?

Experts posit that the latest hospital attacks may be retaliation for US attempts to dismantle TrickBot servers.

An alternative explanation is that the hackers want to hurt America and that cyber attacks on hospital systems and healthcare facilities will hurt Americans even more than election-oriented cyber attacks. Cyber security expert Charles Carmakal labeled the attempts as “terrorism, really”.

Basic steps that hospital and healthcare facilities should take to protect themselves:

  1. Stay vigilant about monitoring for attacks during weekends and holidays. Across the past year, the majority of ransomware attacks took place during these periods of time, when employees were likely to be distracted and inattentive. 
  2. Federal authorities suggest patching older software versions; however, this may be challenging for hospitals due to system requirements. Use the latest IPS packages as virtual patching against the most recent available exploits.
  3. Be sure that your organization has an anti-ransomware tool with a remediation feature. This can make a huge difference in terms of the outcome of a ransomware attack.
  4. Educate your users. User education is one of the most important aspects of safeguarding against ransomware. 

For more on this story, visit this blog, Reuters or the Associated Press.
