Hospitals face rising ransomware attacks, endangering patient care.

A surge ⁢of ransomware attacks at hospitals across America are posing a serious⁣ risk ‌to both important hospital ⁤infrastructure and patient care, according‌ to industry leaders​ and cybersecurity experts.

Testimony Reveals Devastating ‌Impact of Ransomware ​Attacks on Hospitals

On Wednesday, University of Vermont Medical Center‍ President‍ and COO Stephen Leffler testified before a congressional panel on how a ransomware attack‍ in October 2020 placed the medical‌ facility in a state of‍ crisis. Leffler described the chaos ⁤that ensued, with critical systems down​ and⁢ staff resorting to walkie-talkies and ‍paper records to continue patient ⁤care.

“We didn’t have a phone‍ system, because our phone is on the internet,” Mr. Leffler said at the⁣ hearing. “We ⁢literally ‌went to ‌Best ‌Buy and bought every walkie-talkie they had and I asked administrators all to run lab results to​ the floor. Our critical⁢ lab results system ‍was down. On day‌ two, we had ⁢a pile⁣ of paper lab results in our pathology conference room about six inches thick.”

Related Stories

• Clorox Products To Remain in⁤ Shorter​ Supply Following Cyber Attack in ⁢August – 9/20/2023
• National Cyber Force Offers Bursaries Amid ⁢’Battle for Digital Talent’ – 9/13/2023

Leffler emphasized the‍ severity of ⁤the cyberattack, stating, ​”I’ve been an emergency medicine doctor⁤ for 30 years. I’ve‍ been a hospital president for four years. The ‍cyberattack was much‍ harder than ⁣the pandemic by far.”

The ​hospital ‌had to invest⁢ $65 million in recovery efforts and has since implemented measures to enhance ‍its IT system’s security, including network segmentation ‍and multi-factor authentication.

“We assume a ⁣security incident is going to happen again … There ⁤are so many people trying,” Mr. Leffler said.

A report‍ from​ Malwarebytes Threat ⁢Intelligence revealed a staggering 1,900 ransomware attacks in just four​ countries from July 2022 to June ‌2023, with the United States being the primary target. Hospitals have increasingly ⁣become ‍attractive targets for hackers, who‌ demand ‍higher payments for⁣ the return of critical data.

Brett​ Callow, a threat analyst with‍ cybersecurity provider Emsisoft, ‍explained that the centralization of digital systems‌ in hospitals⁢ has made them vulnerable to ransomware attacks.

“Pretty much everything in a hospital is ⁣computer controlled, from patient records ⁢to emergency⁤ dispatch systems to payroll systems,” ⁣said Callow. “So when the computers go⁤ down, that means it’s back‌ to pen and paper, which can just ​instantly cripple an institution trying to save lives.”

Due ‌to the urgency ‍of providing life-saving care, hospitals have become prime‍ targets ​for ransomware attacks.

“In ⁢a lot ⁤of cases, hospitals had‌ to⁣ redirect ⁢ambulances and instead take them to the next nearest hospital. For a‌ stroke or‌ heart attack ​victim, those extra ⁣minutes could be the difference ⁣between life and death,” said Callow.

One lawsuit in Alabama even alleged that a newborn’s death resulted from a ransomware⁢ attack that⁣ paralyzed the​ hospital for ‌over a week.

The bad actors who create ransomware software are usually based in⁣ Russia or Eastern⁣ Europe, while ⁣the ones who use the software to carry out the attacks can be anywhere.

‘Game of​ Whack-a-Mole’

Network segmentation, which decreases the‍ ability​ for a cyberattack to take down an entire⁤ system‍ through entering one computer, has been shown to be an effective measure, according to​ Callow.

“It⁤ would be like locking the interior doors⁣ of the house so a burglar would have trouble moving from one room to another,” explained Callow.

However, ⁣no security protocol can guarantee complete protection against ransomware attacks.

“It’s a ​constant⁤ game of​ whack-a-mole. ⁤It is impossible to completely ⁣defend ⁢against. ​No matter how good your defense is, once in a while, ‌the opposition is going to ⁢be able ‌to score a goal,” said Callow. “All you can do is try to reduce ‍the likelihood.”

Recognizing ⁢the urgency ‍of the situation, Rep. Nancy Mace (R-S.C.) introduced legislation to facilitate the hiring of ⁣qualified ​cybersecurity professionals to⁢ protect large​ institutions.

“I’m concerned that we as a nation are not prepared‍ for the increasingly cyberattacks‌ that will be fielded by ​AI,”‍ Rep. Mace said.

She emphasized the need‌ to fill the shortage of ‍700,000 cybersecurity professionals across the country ⁤and remove‍ barriers that prevent⁤ skilled individuals⁤ without a ‍four-year degree from contributing to the defense against cyber ‍threats.

However, ⁣according‌ to Callow, ransomware attacks​ will persist‌ as long as they remain profitable.

“The reason ⁣there are⁤ increasing numbers of ‍these ransomware attacks is that they⁣ are profitable,” said Callow.​ “The less profitable they become, the less there ‌will be, and if people stop making payments, there will ‌stop being ransomware attacks.”

Until⁤ hospitals and institutions⁣ cease paying millions to ransomware criminals, ⁤large-scale attacks will continue to plague modern society.

“In the short term, putting an end to ⁣the payments⁤ would mean a lot of pain ‌for large institutions, but in the long run, it may be⁣ the⁤ only way to put an end to these attacks,” concluded Callow.

What is multi-factor authentication and ⁣how‌ does it protect hospitals​ against cyberattacks?

, is one of the measures hospitals‍ are⁤ implementing to mitigate ‌the risk⁤ of ransomware attacks. ‌This process involves dividing a network into smaller ‌segments in order to isolate ⁢potential threats and prevent‌ them from spreading throughout‌ the ⁤entire system. With⁢ network segmentation in place, if one segment is compromised, the rest of the network ‌remains unaffected,​ thus minimizing the impact⁤ of a cyberattack.

Multi-factor ​authentication (MFA) is another crucial security measure being adopted by ‍hospitals. ​MFA requires users to provide ⁣multiple forms of identification, such as a password, ⁤a fingerprint scan, or a security ​token, in order to ​gain access to‍ a system. This adds an extra layer‌ of protection against unauthorized access and significantly reduces the risk of a successful cyberattack.

However, despite these proactive measures, hospitals continue to face ​an uphill​ battle against ransomware ⁢attacks. The cat-and-mouse nature of the issue has been likened to a “game of whack-a-mole,” where the hackers constantly adapt their tactics to bypass security measures. As soon as one vulnerability is patched, ⁤another ‌one is ‍discovered.

In addition to implementing robust security measures, hospitals must also prioritize ‍employee education and training.⁣ The majority ‌of successful cyberattacks are a result of human error, such as ‌clicking on malicious links or falling victim to phishing attempts. By educating staff members about cybersecurity best ‌practices and⁣ ensuring they⁤ are aware⁢ of the potential⁤ risks and consequences of their actions, hospitals ⁤can significantly reduce the likelihood of‍ a successful attack.

In⁢ conclusion, the surge of ‌ransomware attacks ​at hospitals across America presents a grave threat to both the infrastructure and patient‍ care of these ⁣vital institutions. The devastating‍ impacts of these​ attacks have been highlighted ⁤by testimony from industry leaders and cybersecurity experts. Hospital administrators‌ must take immediate action to bolster their IT systems’ security, ⁢implement measures⁢ such as network segmentation and multi-factor authentication, and ​prioritize employee education and training. Without significant investment and proactive measures, hospitals will continue to be vulnerable to ransomware attacks, putting patient lives and critical data at risk.