Biggest Ransomware Attack Yet Crippled U.S. Hospitals Last Weekend

This is horrific.

onOctober 2, 2020 at 4:01 PMOctober 2, 2020 at 2:37 PM

We’ve talked a lot about how while the lack of security in Internet of Things devices was kind of funny at first, this kind of apathy towards privacy and security in everyday technology isn’t a laughing matter. Whether it’s cars being taken over from an IP address up to ten miles away, to the rise in massive new DDoS attacks fueled by your not-so-smart home appliances, security experts have spent the better part of the decade warning us the check for our apathy on this front is coming due. We’ve (and this includes government agencies) have spent just as long ignoring them.

That’s particularly true in the healthcare field, where hackable pacemakers and ransomware-infected hospital equipment is becoming the norm. Earlier this month, a woman died in Germany after a ransomware attack on her hospital delayed life-saving treatment. Though she most certainly probably isn’t, she’s being declared the first person to be killed by the steady parade of such attacks that have plagued the medical sector for much of this decade.

Last weekend, Universal Health Services, with more than 400 locations in the United States, was hit by one of the biggest ransomware attacks in U.S. history. As a result, the hospital chain was forced to resort to using pens and paper to manage patients after their computer systems ground completely to a halt. Such attacks usually come on the weekend when the hospitals are short staffed, and the results usually aren’t pretty:

Sponsored

Navigating Financial Success by Avoiding Common Pitfalls and Maximizing Firm Performance

In this CLE-eligible webinar, we’ll explore the most common accounting pitfalls and how to avoid them for your firm.

From Pilot and Above The Law

“Two Universal Health Services nurses, who requested to not be named because they weren’t authorized by the company to speak with the media, said that the attack began over the weekend and had left medical staff to work with pen and paper.

One of the nurses, who works in a facility in North Dakota, said that computers slowed and then eventually simply would not turn on in the early hours of Sunday morning. “As of this a.m., all the computers are down completely,” the nurse said.”

This is of course not a new problem. Massively profitable medical organizations routinely underfund their privacy and security IT infrastructure, and the government penalties have been negligible. As a result, for most of this decade security researchers like Brian Krebs have been noting that hospitals are hit with 20 ransomware attacks a day. And of course the problem isn’t just in surgical tools and antiquated computer systems, it extends to high tech gear like pacemakers embedded with wireless connectivity, which result in the kind of hackable products make global covert wetwork operatives giddy.

Instead of government, private industry, advocates, and experts working in coalition to create meaningful standards for medical devices and internet of things devices, we instead enjoy wasting calories on tech policy games of Whac-A-Mole in which we freak out about the outrage du jour that may or may not warrant it (see: TikTok). This kind of incoherent, histrionic approach to internet security isn’t, if you hadn’t noticed, working out particularly well.

Biggest Ransomware Attack Yet Crippled U.S. Hospitals Last Weekend