What happens to emergency services during a ransomware attack?
Imagine a busy road during the festive season. There’s been a car accident. Now for the unthinkable: You call an ambulance, but the dispatch can no longer contact emergency services. In the hospital, scanning equipment is down and investigations like blood work can’t be ordered. Blood storage and theatre equipment aren’t working. This frightening scenario could be played out in any hospital in the country—if hackers have their way. As the recent ransomware attack in New Orleans demonstrated, public services are all too vulnerable.
So, what happened in New Orleans?
New Orleans declared a state of emergency after ransomware infected city servers and computers on December 13 and they had to be shut down. (Quick reminder: Ransomware does what it says on the tin and holds data hostage until a ransom is paid.) New Orleans has not disclosed whether it received a demand for payment or whether access to computers was blocked. Services were disrupted, though, while staff wielded pen and paper to keep things running, and police and emergency services made do with radio contact only. If you’re a hacker with a love of anarchy and post-it notes, that’s still a success then.
Ransomware attacks are on the rise across the globe
It follows an alarming trend: The New Orleans attack is just the latest in a series targeting government services in the US. Consider poor Cleveland, Ohio. The main airport’s flight and luggage information boards were out of action after malware landed. In St Lucie County, criminals had reason to cheer as the Sheriff’s Office was left without fingerprinting and background check systems.
Imran Khan of Avira’s Virus Lab explains: “More than 100 municipalities, health care institutions, and government organizations worldwide were targeted in the first half of 2019 alone. The reasons are clear: There’s a huge volume of valuable data available here, and more chance of a successful ransom payout.”
Dangerous consequences for healthcare
Sadly, malware can have deadly consequences when it strikes the very vulnerable, such as patients in hospitals. WiFi-enabled wheeled computers are used around the hospital. Offline, these vital assistants are rendered useless.
Mihail Zilbermint, M.D., Assistant Professor of Medicine at Johns Hopkins University School of Medicine and Chief of Endocrinology, Diabetes and Metabolism at Suburban Hospital in Bethesda, Maryland, provides more insight: “All patient documentation, which includes previous visits and notes, laboratory data and a patient’s history, is part of our electronic medical record (EMR). When the EMR is down, we have to back up files until the system comes back online and use paper notes and records, if available.” Staff resort to paper, which is slow, tedious, and carries a higher probability of human error.
What’s the true cost of ransomware?
US law enforcement advises never paying a ransom, as that makes ransomware a viable business model. Yet when you’re knee-deep in paper copies and unable to provide a service to an irate community, it’s pretty tempting to reach for the bitcoin. The associated financial damage can be devastating too. What’s the true cost of poor staff productivity over days, or even weeks? The IT estate also needs to be repaired quickly and made more resilient for the future. Sadly, it’s government agencies and public institutions that most often lack the resources they need to protect themselves from cyberattacks.
Emergency services don’t sleep. Neither do hackers
If you’re reading this lying on a gurney, rest (in peace? Not yet) assured that doctors and first responders on the front line will do everything they can to keep services up and running. But it remains the responsibility of the entire organization to invest in and rigorously implement an effective IT security strategy that offers attackers no loopholes, including:
- Highly effective anti-malware and intrusion prevention systems
- Regular, comprehensive backups that are securely stored
- A properly configured firewall
- Employee training for cyber awareness
- Privileged access to information based on user profiles
Avira’s Virus Lab cites unpatched systems and software as the main reason for a successful attack. So it’s as true in medicine as it is in threat defense: Prevention is better than the cure.