How does the healthcare industry deal with cyber risks? from Jack prabha's blog

A study by the consultancy Independent Security Evaluators (ISE) found that the industry focuses almost exclusively on protecting people's health records and rarely addresses protecting patient health from the perspective of a cyber threat. With this focus, organizations perceive threat actors as 'unsophisticated adversaries', that is, as individual hackers.




ISE believes that these institutions ignore the potential for more sophisticated cyber attacks on hospitals by political hacktivist groups, organized crime and terrorists, who are highly motivated and well funded. As a result, several attack surfaces are left unprotected, and attack strategies that can result in harm to patients are not taken into account.


Cyber attacks and a death

In September 2020, Universal Health Services (UHS), a network of hospitals and health services with more than 400 facilities in the U.S., Puerto Rico and the United Kingdom, was attacked by Russian ransomware 'Ryuk'.


This was not the first cyber attack on a UHS hospital. Security company Advanced Intel, through its Andariel intelligence platform, reported that trojan malware infected Universal Health Services in the course of 2020.


The UHS network has not confirmed the details of the attack, but reports from UHS officials indicate that the attack was the result of a successful phishing expedition.


The attack disabled computers and telephone systems and forced hospitals to switch back to manual, paper-based systems to continue operations. They also had to redirect ambulances and move surgical patients to other, unaffected facilities.


In general, in large and complex organizations, cleaning up and restoring systems is neither simple nor fast. A UHS press release on 10/12/2020 announced "... we had no indication that any patient or employee's data was accessed, copied or misused".


It also stated that operations returned to normal after a total of 16 days. That downtime cost $1,000,000 a day or more, which was a serious blow to UHS finances. It is not known whether the institution paid the ransom.


A cyber attack always has consequences for organizations, but when ransomware hits the healthcare sector, there is a real risk of death.


In the case of UHS there were unconfirmed rumors that four patients died because doctors had to wait for the results of laboratory tests delivered by couriers, instead of electronic delivery. While these are rumors, there is a known case of a patient who died due to a ransomware attack at a hospital in Europe in September 2020.


The note delivered by the ransomware showed that the intended target was not actually the hospital, but Heinrich Heine University. The police contacted the hackers through the instructions in the ransom note left by the malware and explained the error, after which the hackers withdrew their demand and provided the decryption key. However, a patient with a serious illness, who was referred to another, distant hospital, died.


An IT analyst has to review existing IT systems and internal processes and work in collaboration with management to understand IT objectives.

