Death from ransomware, is it possible?

By Ivan Marzariolli *

If hackers attack an organization in the financial services, engineering or manufacturing sector, the risks are basically monetary. But when it comes to healthcare cybersecurity, in addition to financial risk, people’s health and well-being are also in danger.

In the United States, according to the Department of Health and Human Services, there was an almost 50% increase in healthcare data breaches between February and May 2020, compared to 2019. This is believed to be the result of the COVID-19 pandemic, which forced radical changes and diverted attention, putting extra pressure on already inadequate cybersecurity measures.

According to Natali Tshuva, CEO and co-founder of Sternum, an IoT cybersecurity company, “hackers know that the healthcare industry has cybersecurity flaws and that motivates them to create more attacks”.

If there is something that hackers like, it is a target that is ‘light’ and large, so complex organizations in sectors that are slow to adopt secure digital technologies are the preferred targets. These organizations generally have broad and mostly poorly defended attack surfaces (the set of points at the edge of a system), which gives hackers many routes of entry, not only to exfiltrate data but also to compromise services and hardware systems.

Overall, health care is one of the most visible and easy targets. Successful cyber attacks in hospitals often cause problems with patient data and routine workflows, such as scheduling medications, managing resources and other essential services.

How does healthcare deal with cyber risks?

A study by the Independent Security Evaluators (ISE) consultancy found that the industry focuses almost exclusively on protecting people’s health records and rarely addresses protecting patient health from the perspective of a cyber threat. With this focus, organizations perceive threat actors as ‘unsophisticated adversaries’, such as individual hackers. ISE believes that these institutions ignore the potential for more sophisticated cyber attacks on hospitals by political hacktivist groups, organized crime and terrorists who are highly motivated and well funded. As a result, several surfaces are left unprotected, and attack strategies that can result in harm to patients are not taken into account.

Cyber attacks and a death

In September 2020, Universal Health Services (UHS), a network of hospitals and health services with more than 400 facilities in the U.S., Puerto Rico and the United Kingdom, was attacked by the Russian ransomware ‘Ryuk’. This was not the first cyber attack on a UHS hospital. Security company Advance Intel, through the Andariel intelligence platform, reported that trojan malware infected Universal Health Services in the course of 2020.

The UHS network has not confirmed the details of the attack, but reports from UHS officials indicate that the attack was the result of a successful phishing expedition. The attack deactivated computers and telephone systems and forced hospitals to switch back to manual, paper-based systems to continue operations. They also had to redirect ambulances and move surgical patients to other unaffected facilities.

In general, in large and complex organizations, cleaning and restoring systems is neither simple nor fast. A UHS press release on 10/12/2020 announced “… we had no indication that any patient or employee’s data was accessed, copied or misused”. It also stated that operations returned to normal after a total of 16 days. That downtime cost more than $1,000,000 a day, which was a serious blow to UHS finances. It is not known whether the institution paid the ransom.

A cyber attack always has consequences for organizations, but when ransomware hits the healthcare sector, there is a real risk of death. In the case of UHS, there were unconfirmed rumors that four patients died because doctors had to wait for laboratory test results to be delivered by couriers instead of electronically. While these are rumors, there is a known case of a patient who died due to a ransomware attack at a hospital in Europe in September 2020.

The note delivered by the ransomware showed that the intended target was not actually the hospital, but Heinrich Heine University. The police contacted the hackers through the instructions in the ransom note left by the malware and explained the error, after which the hackers withdrew their demand and provided the decryption key. However, a patient with a serious illness, who had been referred to another, distant hospital, died.

Protection of critical systems is essential

The key to protecting your systems from malware and phishing is to monitor and examine all network communications. Now that encryption is becoming the norm for all Internet communications, looking “inside” message flows requires new approaches and technologies so that embedded threats can be detected and addressed before they turn into disasters, especially in key sectors that involve people’s health.

* Ivan Marzariolli is Country Manager at A10 Networks.