Cybercriminals Attacked An Entire Hospital, Putting Patients At Risk

A group of cybercriminals took down an entire hospital and put patients in serious jeopardy.

By Charlene Badasie | Published

This article is more than 2 years old

GoDaddy cybercriminals

Cybercriminals targeting healthcare facilities are putting patients at unnecessary risk. Hospitals have been under increased strain over the past year due to the impact of the ongoing global pandemic, which has prompted hackers to carry out ransomware and other cyberattacks. With these incidents on the rise the CyberPeace Institute, an international body dedicated to protecting the vulnerable in cyberspace, says more must be done to hold the cybercriminals accountable for their actions.

The latest attack by cybercriminals happened on Sunday night when the head of IT at a Florida hospital experienced a major technical glitch. The emergency room at Florida’s Jackson Hospital could not connect to the charting system that doctors use to look up patients’ medical histories. Jamie Hussey, Jackson Hospital’s IT director, soon realized that the software, which was maintained by an outside vendor, was infected with ransomware and that he didn’t have much time to keep the computer virus from spreading.

Going off the head of IT’s advice, the 100-bed facility shut down its computer systems. “If we hadn’t stopped it, it probably would’ve spread out through the entire hospital,” Hussey told CNN. Thanks to the cybercriminals, hospital staff had to ditch their electronic records and reverted to pen and paper to keep the hospital running. Fortunately, patient care wasn’t disrupted at all.

As the hospital’s IT systems gradually came back online, Hussey was expecting phone calls from the FBI (who investigates cybercriminals) and Aon, a cybersecurity consulting firm that was helping with the computer system’s recovery. Together, they were trying to figure out if the hackers had stolen any hospital data, and if they might need to be paid off to recover it.

microsoft

Sadly, this is not a unique situation. When faced with a ransomware attack, a hospital might have to pay cybercriminals a ransom in return for the decryption key. This is usually the quickest way to fix the network and the most direct route to restoring patient care. While the solution seems easy, it doesn’t stop the incident from being traumatic for staff who often find themselves unable to be involved in procedures.

Patients may also get sent to other hospitals for treatment which is very risky if time is a factor. But even months on from a cybercriminal attack, patient care can remain affected. Speaking about the gravity of the situation CEO of the CyberPeace Institute, Stéphane Duguin, told ZDNet there’s a real-time impact and long-lasting effects. “When hospitals are hit by ransomware the care might take longer than it did before the attack,” Duguin told the publication.

The ransomware Hussey’s team found on Jackson Hospital’s charting system is called Mespinoza. Cybercriminals have used it to infiltrate 190 organizations across various industries worldwide. This includes several in health care, according to a Department of Health and Human Services advisory. The hacking group is one of many that haven’t refrained from hitting health care facilities during the pandemic.

Senior threat intelligence officer at cybersecurity firm Recorded Future, Allan Liska said there were 134 publicly reported ransomware incidents involving health care organizations in 2021. This is up from 106 incidents in 2020. But most attacks by cybercriminals don’t make the news or get the attention they deserve. So for now the best way for hospitals to protect themselves from attacks is to lock down and secure their networks.