Hospitals provide a plethora of data. The attackers could
target hospital and/or patient data. This is exceptionally marketable to many
different entities. When the attackers couple this with ransomware, there is
ample chances for severe attacks. This malicious tool has been used over the last
few years in many different industries. The medical industry has been
exceptionally hit by this. This is partially due to the criticality of the
data. The attackers know patient care is totally dependent on the EMR/EHR being
readily accessible by the medical staff. This was truly a significant problem
starting two years with the attacks in the UK.
The attackers have pivoted down under and have attacked the
New Zealand health service. Specifically the Waikato District Health Board’s
(DHB) network. The Waikato hospital network was successfully breached. The attack,
while on point, did not completely cripple the entry network. Of the 103
surgeries, 73 still were able to move ahead. Another hospital in the network
did however have to reschedule its surgeries. In rural hospitals, all outpatient
activity needed to be deferred. The staff were working to remediate the issue
and get the systems back online.
In this case, it appears the attack vector was the simple
email attachment. This is another example of an area for employee training. All
it takes is the right employee in the right department at the wrong time clicking
an attachment.
No comments:
Post a Comment