In our lifetimes, we may visit the hospital two or three
times, or more. With the medical facilities, they require data and information
to operate. This is presently in the form of EHR and EMR (electronic health
records and electronic medical records). These allow the doctors to complete their
tasks, nurses to pass medications, physical therapists to provide therapy, etc.
Without the services being available, there is a mortal danger. There were a number of hospitals attacked in 3Q2019 whose operations were affected.
Targets
For this set of attacks, the medical facilities were located
in the Australian state of Victoria. In particular, this affected two large
health systems. These were the Gippsland Health Alliance and South West Rural
Health Alliance (SWARH). SWARH provides health care services for approximately
23k square miles. This range is from West Melbourne to the border of south
Australia. While this is substantial, this also affected Barwon Health, a
regional network in the Geelong region, and West Gippsland Healthcare Group.
Overall, at least seven major hospitals were breached. There were also
unfortunately, other servers across the state compromised during this set of attacks.
The hospitals needed to segregate and disconnect systems to stop the wave of
compromised systems. In effect, the hospitals quarantined the systems from the
internet.
Attack
The hospitals were already prepped to some extent for
cyber-attacks. While this is the case, the attackers were able to bypass the
security controls which were already in place. The means for this was ransomware.
This has become an epidemic in the industry. Through the attack, they were able
to gain unauthorized access. The ransomware was used, as with the myriad of
other attacks, to encrypt the hospital’s respective files. The attacks focused on patient booking and financial systems. The attack was designed to bring
down their operations. With any patient booking system that is down, unless you
have the next few days or weeks printed, you can’t know for certain what
appointments are in the future, or the types of procedures. Due to this, the
hospitals were not able to plan for the operations. Without the financial
system able to be used, the hospital could not pay salaries or bills. Their
budgeting processes would not work, and the finance department also would not
be able to ensure the departments are within their spending limits. As of
10/2/2019, there was no specific ransom demanded.
Effects
At least one hospital was forced to resort to using pen and
paper systems for booking appointments and procedures. During the outage, the
hospitals were not able to access patient histories, charts, images, and other data.
This did not affect every department and bypassed the emergency departments.
Data
The press release stated there was no evidence the personal
patient information had been accessed. The data, however, is timeless. This
could be used for years to come by the unauthorized parties.
Remediation
While this successful attack is significant, the hospitals
and other affected systems were assisted by the Victorian Cyber Incident
Response Service and the Australian Cyber Security Center. The management for
the Victorian Government Cyber Incident Response Service recommended not paying
the ransom. This is generally the best route for the breached organizations.
Resources
Australian Associated Press. (2019, September 30). Systems
shut down in victorian hospitals after suspected cyber attack. Retrieved from https://www.theguardian.com/australia-news/2019/oct/01/systems-shut-down-in-victorian-hospitals-after-suspected-cyber-attack
Department of Premier and Cabinet. (2019, September 30).
Cyber health incident. Retrieved from https://www.vic.gov/au/cyber-health-incident
Gatlan, S. (2019, October 1). U.S. and Australian hospitals
targeted by new ransomware attacks. Retrieved from https://www.bleepingcomputer.com/news/security/us-and-australian-hospitals-targeted-by-new-ransomware-attacks/
Goodin, D. (2019, October 1). Ransomware forces three hospitals
to turn away all but the most critical patients. Retrieved from https://arstechnica.com/information-technology/2019/10/hamstrung-by-ransomware-10-hospitals-are-turning-away-some-patients/
Hattersley-Gray, R. (2019, October 1). New ransomware
attacks hit U.S., Australian hospitals. Retrieved from https://www.campussafetymagazine.com/news/new-ransomware-attacks-hit-u-s-australian-hospitals/
Kirk, J. (2019, October 2). Australian medical facilities
hit by ransomware. Retrieved from https://www.govinfosecurity.com/australian-medical-facilities-hit-by-ransomware-a-13167
No comments:
Post a Comment