As if having to deal with the COVID-19 pandemic wasn’t enough, hospitals now have to defend against targeted ransomware. Attacks have gotten more complex, and now they even endanger patient safety.

Back in September, Universal Health Services reported an infection with the infamous Ryuk ransomware, which locked up several computers for days, delayed lab results, and forced doctors to revert to pen and paper. “No patients died tonight in our [emergency room] but I can surely see how this could happen in large centers due to delay in patient care,” stated an employee of UHS.

Around the same time, a hospital of Dusseldorf University was attacked by ransomware, which resulted in a patient’s death.

These attacks happened even though several ransomware gangs pledged not to target any medical institutions. However, in October, the number of attacks grew so much that multiple U.S. government institutions, including the FBI, issued a warning about “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.”

The increased number of attacks exposed the lack of security awareness among hospital employees. The American Hospital Association reported an increased number of COVID-19 themed phishing attacks, with special offers for masks and ventilators. Even worse, most hospitals don’t have backups, and losing patient information is the biggest threat to their safety.

“As healthcare pays ransoms and the large dollar amounts they pay are highlighted in the news, this becomes an indication that this is a sector that is willing to pay. Attackers set their targets and evolve their techniques where they feel they will be most successful,” according to Heather Paunet, senior vice president at Untangle.

