For first time, cyberattack causes closure of a hospital

Originally published at: For first time, cyberattack causes closure of a hospital | Boing Boing

2 Likes

I would hope that their IT had a backup of their data, though I presume that getting them back online would still involve them combing through the backups and making sure there aren’t any malicious files hiding in them (Not an IT expert :sweat_smile:)

3 Likes

Just in case you were wondering how WW3 will be fought.

6 Likes


My mother was in hospital when the cyberattacks took out the HSE (like the NHS but shitter) in 2021. Getting bloods done involved people driving with cars. Cancer treatments stopped. Everything went to shit.

Thing is that old computers will always be on hospital networks. Some of the hugely expensive machines they can’t afford to buy new ones of are hooked up to Windows 98 PCs and the software doesn’t exist on a modern system.

11 Likes

Network administrators in hospitals have it particularly tough. Medical equipment is certified to work only on a specific version of software. If a patch comes out, the system has to be re-certified on the new version. But certification is expensive and takes time, so patching is often delayed (if it’s even available). And once a version is known to have a flaw, it can be quickly exploited, so if an attacker can access it, they can abuse it.

And doctors like to be able to remotely access things like diagnostic imaging, so they don’t want to unplug a useful machine just because it might get compromised.

All that said, I think most hospitals still fall prey to ordinary phishing emails, just like everyone else. It’s not realistic to think that 100% of employees will be able to stop 100% of the attacks, 100% of the time.

The one thing that it really takes to stop attacks is a skilled cyber defense team. They’re not cheap, and require a lot of expensive resources. Not something the average hospital wants to budget for.

11 Likes

Apparently the actual attack was back in 2021; this article just notes that the hospital is ascribing its actual closing-as-in-going-out-of-business-sign-on-door at least in part to the ransomware attack.

The description given is very bare bones; but it doesn’t sound like they had particularly good backups:

A ransomware attack hit SMP Health in 2021. The attack halted the hospital’s ability to submit claims to insurers, Medicare or Medicaid for months, sending it into a financial spiral, Burt said.

“It is devastating,” Burt said of the attack.

“You’re dead in the water,” she said. “We were down a minimum of 14 weeks. And then you’re trying to recover. Nothing went out. No claims. Nothing got entered. So it took months and months and months.”

Even with really excellent backups you still have a serious problem (unless you have a root cause and at least a rough timeline you don’t necessarily know which backups are safe to restore; or exactly what changes need to be made to prevent reinfection; and unless you have a handle on persistence mechanisms, lateral movement, and stolen credentials even if whatever the original entry point was is blocked or was a once-off your internal systems can keep reinfecting one another if you try to bring them back up incrementally; which is probably what you’ll want to do because having some of your systems down doesn’t make shutting more of them down very attractive and you definitely don’t have enough techs and administrators to be attending to all of them at the same time; since they normally don’t need attention all at the same time).

All that said; 14 weeks sounds closer to rebuilding atop the rubble according to an approximation of the original street plan; rather than a tough restoration.

4 Likes

I guess this is the dystopian cyberpunk future I was promised. Promised, threatened with…

3 Likes

I was about to ask; did I miss the memo where our timeline was formally certified as a Cory Doctorow or Neal Stephenson plot…?

ETA: as an IT person in the healthcare industry, this is one of me and my team’s worst fears. As others have already pointed out, sadly one does not simply “plug the holes”, and recovery from an event can be in and of itself another nightmare.

4 Likes

I’m also an IT person in the Healthcare industry. I agree, this is a recurring nightmare. I live constantly pulled betwixt pillar and post, between the ancient equipment that we “must have because there’s not a better system” (which really means there IS a modern system but it’s prohibitively expensive); and the Doctors wanting the new toys.

People would be amazed how much healthcare hardware runs on WinXP systems.

2 Likes
