For the third time in recent memory, a US hospital has fallen prey to cyber criminals with cruel intentions. On this, occasion the victim is MedStar Georgetown University Hospital in Washington D.C., which was struck by malware on Monday. The surprise attack was first noticed because of a suspicious lack of emails explains Dr. Stuart Seides – the director of the infirmary. Relaying his memory of how events unfolded,
‘I noticed that I didn’t have any emails since the previous evening. I get lots of emails every day… That was the first indication that something wasn’t quite right.’
On high alert due to the string of recent attacks, Seides made the correct assumption that the email irregularity could be a sign of a bigger problem. His concerns were soon confirmed, as on inspection it became apparent that hackers had indeed managed to take down the entire network of the second largest medical system in Maryland.
All in all, the computer virus that had been planted on the network scuppered communication between PCs in both the 800 bed Washington and 400 bed Maryland MedStar sites. Another troubling cyber penetration; that left 30,000 employees – including 6,000 physicians – unable to conduct hospital duties in the usual way.
Doctors and nurses were forced to resort to running both medical facilities in what the director described Tuesday as ‘the old fashioned way’. Adopting pens, pencils, and notepads to continue with the job of providing care to inpatients. The difference was remarkable, Seides explains, commenting on how reliant on technology the MedStar infirmaries have become,
‘We’re all very dependent on computer technology for the things we do,’ both in communications and clinical care systems,’ he said.
As was the case in the recent (Los Angeles and Kentucky) hospital cyber attacks, the FBI quickly became involved in attempts to restore the sizable computer network. In what must have felt like a frustratingly cruel blow; individual machines were still functioning, but the network itself – where important patient data is accessed – was completely out of order.
‘I can turn on my desktop computer, detached from the system with my Ethernet cable out, and see what’s on my computer locally. I can look at Outlook and see what was there yesterday. II can’t look at lab studies or images. Anything that’s hooked up to the network is not functioning,’ explained Dr. Seides commenting on the morning’s abnormal routines.
Was the MedStar attack different?
As is always the case with ransomware attacks, during the recent US hospital attacks the primary motivation was financial gain: cash that is requested in exchange for the complete restoration of the network. Surprisingly, it is claimed that on this particular occasion, the hospital network was brought to its knees without any requests for ransom. ‘I do not have any information pertaining to that,” Ann C. Nickels, MedStar’s assistant vice-president of public relations and communications commented when asked about a ransom,
‘This is a malware issue, a virus.’
Sadly, those claims seem rather unlikely. After all, one has to ask themselves why hackers would go to the trouble of committing such a high profile attack without some particular gain in mind. Don’t forget that hackers are nearly always driven by money – whether that cash is directly collected via a ransom – or earned at a later date by selling sensitive data stolen during the criminal penetration.
Bob Shaker of Symantec Corp has already come clean about knowing of frequent cyber attacks on medical facilities. That specialist intelligence seriously bolsters my doubts about MedStar’s claim. Following the hack of the Los Angeles Presbyterian hospital at the end of February, Shaker decided to reveal that he had been aware of around 20 similar ransom attacks on Medical centres during 2015.
According to Shaker, those assaults were purposefully under-publicized in an attempt to confine the problem – rather than imprudently add fuel to the fire by helping to inspire further hackers to join in on the act. With the pattern of cyber attacks defining motive to be money, it seems that it could easily be possible that on this occasion a certain amount of damage limitation and ‘cover up’ is underway.
Sophisticated ransomware too much for the FBI
Adding to fears that are already present in the cybersecurity community (that the ransomware epidemic may have only just begun), news has also emerged this week that appears to reveal a whole lot of panic amongst US law enforcement agencies. In particular, it has been revealed that the FBI acknowledges a severe lack of ability to constructively support attacked hospitals during these – now frequent- barbaric and immoral attacks.
Although the bureau did arrive on the scene of all three of the recent attacks, the FBI had to be content (it seems) with providing support to system security and cyber penetration forensic specialists brought in to help from the private sector. This extra element of the story (of what is quickly spiraling into a cyber disaster) comes courtesy of the FBI’s admission that it desperately requires help from information security businesses to quell the escalating problem.
‘We need your help!’ Says the confidential document that Reuters has managed to attain. The SOS (the communiqué explains) is due to newly encountered versions of ransomware called ‘MSIL/Samas.A,’ which take out entire networks with encryption rather than individual machines one at a time in succession.
‘This is basically becoming a national cyber-emergency,’ commented Ben Johnson, co-founder of cybersecurity firm Carbon Black.
Although it can be understood to be an embarrassing admission from the FBI, the frank call for help in its fight against ransomware can, in reality, be viewed as positive and affirmative action. Under the circumstances, this can be seen as a positive sign. Encouraging that instead of burying its head in the sand, law enforcement is actively taking steps to collaborate with the best minds to deal with this contemporary felony.
That positive perspective of the FBI’s current position is underscored by last year’s (well publicised) advice that people and businesses that are hit with ransomware should probably just pay up if they want to regain control of their system. Encouraging that the FBI is now looking for solutions and partners in the fight against ransomware.
For now, then, it will remain unknown whether the MedStar hack was, in fact, a cash heist. Common sense, however, would lead one to presume that a ransom has been requested on this occasion (like in the others), which the hospital has decided not to disclose to the public. One can only hope that the sum of money was not more than the $17,000 that were stumped up at the Hollywood Presbyterian Hospital a month ago.