US Hospitals Close Doors After Ransomware Attack

CyberCrimeSecuritySecurity Management
ntt

Hospitals in the United States and Australia feel the affects of ransomware attacks, which forces admission closure

Alabama is feeling the effects of a ransomware attack after three hospitals in that US state temporarily closed their doors to the admission of new patients.

The admission came in a statement from DCH Health System, which operates the three affected hospitals in Alabama.

“The three hospitals of the DCH Health System have experienced a ransomware attack,” said the statement. “A criminal is limiting our ability to use our computer systems in exchange for an as-yet unknown payment.

Criminal act

It announced that DCH Regional Medical Center, Northport Medical Center and Fayette Medical Center had closed their doors all but the most critical new patients.

Later that day it updated its statement, and said that routine operations would go ahead as normal.

“Elective procedures and surgical cases scheduled for Wednesday, Oct. 2, will proceed as planned,” the group said. “For the time being, we will continue to divert any new admissions, other than those that are critical, to other facilities.”

It said that it was working with Federal authorities, vendors and consultants to restore its systems.

The US state of Texas recently had to contend with a ransomware attack, after small local government departments had their IT systems knocked offline after a “co-ordinated” ransomware attack “from one single threat actor”.

It then emerged t the hackers were demanding $2.5m ransom from local authorities in Texas, in exchange for the key that decrypts the locked files, but Texas refused to pay.

A string of ransomware attacks on school networks in the US state of Louisiana in July led to Governor John Bel Edwards to declare a ‘state of emergency’ in order to give the state access to assistance from federal and public bodies.

Aussie attacks

Meanwhile, seven hospitals in Australia have also reported ransomware attacks, described as a ‘cyber health incident’.

“The information technology systems at a number of hospitals and health services in Gippsland and south-west Victoria have been impacted by a cyber security incident,” announced the government of the Australian state of Victoria on Tuesday.

“Hospitals have isolated and disconnected a number of systems such as internet to quarantine the infection,” it said. “The priority is to fix all affected systems and prevent any further compromise.”

“This isolation has led to the shutdown of some patient record, booking and management systems, which may impact on patient contact and scheduling,” the Australian state added. “Where practical, hospitals are reverting to manual systems to maintain their services.”

Expert view

Security expert lamented the fact that ransomware is targeting places that provide care for society.

“The ability for hospitals to provide constantly available care is a foundation of the society we live in, but this also makes them a huge target for hackers with the intent on causing disruption and forcing them into handing over fund,” said Cath Goulding CISO at Nominet.

“The impact of these latest ransomware attacks is being instantly felt by the public, as they are unable to attend appointments or go to their local hospital,” said Goulding. “It is vital that we improve protection for these critical services.”

“Identifying malware and phishing attacks early is critical to mitigating the risk of ransomware attacks, and this is where utilising insight into network traffic can be so valuable,” she added. “Alongside this, good cyber hygiene is hugely important to improving workforce resilience to an attack, for example, not opening suspicious attachments, or clicking links unless you know they are legitimate.”

“IT teams also need to ensure that system patches are kept up to date and backups are used to enable critical services to be resumed as soon as possible,” she added. “This layered approach to security is fundamental in the plight against ransomware attacks.”

Another expert pointed out that patient data is also an attractive target for online criminals.

“Ransomware infections pose a more significant risk to healthcare organisations than entities in many other sectors due to the need for consistent, near real-time access to patient data and the potential for harm to patients should organisations lose access to important files, systems, and devices,” said David Grout, CTO of EMEA at FireEye.

“These attacks, which we class as “disruptive and destructive threats” typically fall into two categories – either targeted activity such as ransomware delivered post-compromise, or less frequent but widespread nation-state-originated threats like WannaCry that hit poorly secured infrastructure,” said Grout. “While no group or individual has taken responsibility for this activity yet, the fact that it is localised to three hospitals in one group suggests this falls into the first category of a targeted attack.”

“To reduce the impact from ransomware infections, organisations, particularly those that require high availability like hospitals, should have not only have robust backup policies and implementations, but also redundant and properly segmented isolated networks (zones) and systems,” Grout concluded. “This could assist in cases where one segment of a network or one set of devices has become compromised, as it could potentially allow other systems and data to remain protected and able to operate in at least a limited capacity during remediation efforts.”

City attacks

In May a ransomware attack crippled local government services in the city of Baltimore.

That city refused to pay the hackers, despite email accounts being disabled and online tax payments unable to be processed.

That city estimated losses of around $18m (£15m) from the attack. The hackers had demanded $100,000 worth of Bitcoin.

But other US cities have opted to pay.

Florida-based Lake City has a population of over 12,000 people, and it opted to pay hackers after a ransomware attack.

The Lake City decision to pay the hackers $500,000 (£394,000) was aided by the fact that insurance would cover most of the ransom.

It came after the council of another city in Florida (Riviera Beach City) voted unanimously to pay hackers $600,000 who took over their computer systems via a ransomware attack earlier this year.

Do you know all about security? Try our quiz!

Author: Tom Jowitt
Click to read the authors bio  Click to hide the authors bio