Hospital Ransomware Attacks Cause Deaths

What a shock. Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks.

As PBS noted in its coverage of the Vanderbilt study, after data breaches as many as 36 additional deaths per 10,000 heart attacks occurred annually at the hundreds of hospitals examined.

The researchers found that for care centers that experienced a breach, it took an additional 2.7 minutes for suspected heart attack patients to receive an electrocardiogram.

Do you think that security is worth anything? Do you think that doctors will actually follow recommendations from someone who isn’t a doctor?

Does a Hospital Getting Hit with Ransomware Count as News?

I’m leaning toward not news. Brooklyn Hospital Loses Patient Data In Ransomware Attack.

The hospital provided very little information, except to say that the attack happened in July. There was an investigation, and attempts to recover the files in the intervening months.

The unrecoverable information includes names and certain dental or cardiac images. The hospital highlights that the investigation did not find any evidence that the data was exfiltrated from its systems or otherwise misused.

Does it need to be stated again? Organizations have decided that backups are not needed. (People have decided that as well; both are wrong.) Or in other cases, they have a backup server that is online on their network, and that gets encrypted as well. At least some of the backups need to be offline.

Alabama Hospital Pays Ransom

But it’s OK, because they have insurance. Alabama Hospitals Back Online 10 Days After Malware Attack.

The DCH Health System said its hospitals in the west Alabama cities of Tuscaloosa, Northport and Fayette resumed admitting patients Thursday, and its imaging and patient scheduling services were going back online Friday.

So they did what the FBI has been telling people not to do, which is pay the ransom. I wonder if they will take any action to prevent a repeat attack, or if the bad guys are just keeping a list of places to revisit next year. I also wonder how long insurance will be available. You can get homeowners’ insurance because house fires are relatively rare occurrences. If half of your neighborhood burned every year, insurance would be harder to come by, or it would cost a whole lot more.

Is Ransomware Getting Worse? Yes

The FBI sees the writing on the wall. Will anyone listen? FBI warns of major ransomware attacks as criminals go “big-game hunting.”

Where certain attacks have behaved like opportunistic attacks – Baltimore is mentioned – that is changing as the bad guys get better, or worse. Better at being bad guys, anyway.

Data from CrowdStrike has shown a rise in what the firm refers to as “big-game hunting” over the past 18 months. These attacks focus on high-value data or assets within organizations that are especially sensitive to downtime—so the motivation to pay a ransom is consequently very high.

And the FBI, though they didn’t give much info, thought the situation warranted a warning. Not that anyone will listen. Actually preparing for such an attack costs money, and means we have to change the way I do things, in ways that I don’t like, and besides those damn IT folks are always wanting to spend money on some crazy thing. And what can it cost, anyway?

What Is the Cost of a Ransomware Attack?

In the case of Demant (a Danish company), the costs are high. Ransomware incident to cost Danish company a whopping $95 million.

While they had an insurance policy, it will not cover a quarter of that bill. And there are worries that while they were down, and unable even to support retail sales, customers switched brands, and will not be back.

And the company isn’t saying “ransomware.” Though Danish media is reporting it that way, and it “sure did look like one from the outside.”

Most of the losses have come from lost sales and the company not being able to fulfill orders. The actual cost of recovering and rebuilding its IT infrastructure was only around $7.3 million, a small sum compared to the grand total.

So what part of that $7 million has the IT department been pleading for? But as they say, there is much more.

Furthermore, “in our hearing aid retail business, many clinics across our network have not been able to service end-users in a regular fashion.”

These business upheavals have been a disaster for the company’s bottom line. In a message to its investors, Demant said it expects to lose somewhere between $80 million and $95 million.

So, for that $7 million, could the IT folks have made themselves immune to ransomware? Probably not. But they might have been able to mitigate the cost, and it’s not like the company didn’t end up spending the money anyway. The difference is between a scrambling emergency, that impacts customers, as well as both top-line growth and the bottom-line, and a planned implementation.

Other incidents from 2019 include…

defence contractor Rheinmetall, airplane parts manufacturer Asco, aluminum provider Norsk Hydro, cyber-security firm Verint, the UK Police Federation, utility vehicles manufacturer Aebi Schmidt, Arizona Beverages, engineering firm Altran, the Cleveland international airport, and chemicals producers Hexion and Momentive.

Hat tip to Security Now episode #735.

RobbinHood Ransomware Ups Its Game

Ransomware as a business means marketing will play a role. RobbinHood Ransomware Using Street Cred to Make Victims Pay.

RobbinHood was the ransomware responsible for the Baltimore outage. The number referenced for what the city spent on remediation (they did NOT pay the ransom) is 10 million dollars. That’s a bit disingenuous, because a fair amount of that money was for new equipment. And they are spending even more to harden their infrastructure. I would argue that is money they should have spent BEFORE they were hit. But hey, I’m not in politics.

The operators behind the RobbinHood ransomware have changed their language in the ransom note to take from victims all hope of decrypting the files for free and to make them pay for the recovery.

Boastful and arrogant in their message, the cybercriminals point to past incidents involving their ransomware, which ended with victims paying much more than the ransom demand.

Is there any politician or corporate drone who can say, after their organization gets hit with ransomware, that the attack was “unexpected?” Of course there are; I forget that they are paid to lie every day.

Ransomware Continues to Impact Health Care

Remember when Obama said computerizing medical records would be such a good idea? U.S. and Australian Hospitals Targeted by New Ransomware Attacks.

Three hospitals in Alabama and seven in Victoria, Australia have been hit with ransomware. Some are not accepting new patients. Some are reverting to manual procedures.

In a related bit of news, a California clinical group is closing its offices because they can’t recover patient records.

In related news, following another ransomware attack from early August, Californian medical practice Wood Ranch Medical announced on September 18 that it will be closing offices on December 17 because of the extensive loss of patient healthcare records.

Their “backup server” was online, so it, too, was encrypted. Having a separate copy of your data is NOT ENOUGH. How many times do people need to be told that before they’ll listen? Well, if they don’t listen to this advice at this point, then they never will. And my level of sympathy for people playing in traffic was exhausted decades ago.

So I can’t decide if Obama and Company saying how great things would be when all medical records are computerized counts as politicians pretending to be engineers (or computer scientists), or if it is just evidence of colossal arrogance. From my POV, having all the records on computers, that the doctors won’t pay to secure, hasn’t made things better. I’m sure the hackers LOVE the fact that all those records are computerized. And poorly secured. You could think Obama has some interest in the hacking, but that would be giving him too much credit for understanding what encryption can do. Smartest President Ever™

Just Because It Claims to Be Ransomware…

Or why you shouldn’t pay ransom, and why you should have backups. Destructive Ordinypt Malware Hitting Germany in New Spam Campaign.

A new spam campaign is underway that pretends to be a job application from “Eva Richter” who is sending her photo and resume. This resume, though, is actually an executable masquerading as a PDF file that destroys a victim’s files by installing the Ordinypt Wiper.

It masquerades as ransomware, and demands a ransom, but even if you pay, the files have been overwritten with garbage, NOT encrypted. You won’t/can’t get them back.

So do you have those multiple backups? Are some of them offline? How would you recover?

A City Says “Nuts” to Ransomware Demand

Granted, coming up with a payment that large is probably a problem for most municipalities. $5.3M Ransomware Demand: Massachusetts City Says No Thanks.

Okay, they aren’t really channeling Anthony McAuliffe and the 101st Airborne, but they decided not to pay.

New Bedford, population 95,000, is near Boston.

After a ransomware attack slapped a hefty payout demand of $5.3 million on New Bedford, Mass., the city announced that it is instead opting to pick up the pieces and restore what it can from backups itself.

They had a little bit of luck, and they had some decent architecture. Which resulted in only about 4 percent of computers being hacked. They did have to shut down for an extended period of time.

That’s because after learning of the attack, the city was able to rapidly disconnect its computer servers and shut down systems. In addition, the attack hit after the July 4 holiday, meaning that a large number of computers were turned off at the same time that the ransomware was attempting to spread; and, officials said the city’s network was compartmentalized “to a certain degree,” making it harder for the malware to spread.

And they told us what the ransomware was, Ryuk (Ree-ook). Ryuk is both a strain of ransomware that has been wreaking havoc in various places and a character from a Manga (Japanese comic book) called Death Note. He is a Shinigami, “supernatural spirits that invite humans toward death in certain aspects of Japanese religion and culture.” I think that says something about the authors of the ransomware.

The city tried to negotiate a smaller payment, but that was rejected by the attackers. So off they go to restore.

Ransomware Attacks on Cities, Schools and Dentists

People need to figure out how to work with data that is NOT online. Because if you don’t have the resources to defend your data, it will be encrypted. Cybercriminals Attacking Schools, Governments With Ransomware.

Cybercriminals are wreaking havoc across America in recent months, with the latest target being local governments and even schools.

A school in Orange County, New York, was all set to welcome students back from summer vacation on Wednesday, but a ransomware attack has delayed the start of the school year.

As many have said, the smaller cities and schools are not spending money on cybersecurity. Which at this point, they need to seriously consider doing, or they should consider stopping with the “put all the data online” push.

And the dentists? Ransomware Attack on Digital Dental Records Impacts Many Providers.

The computer systems of a large number of US dental offices were infected with ransomware on Monday, [week ago] after a malware attack on the Digital Dental Record and PerCSoft’s cloud remote management software. The impacted providers are still attempting to recover access to their patient data and systems.

And also Ransomware Bites Dental Data Backup Firm. Attacks on service providers mean one attack can impact multiple offices/sites, whether that be dentists, doctors, cities or schools.

Attacks on hospitals and larger clinics remain common, but cities and schools are more likely to be in the news.

And sadly, things will get worse before they get better.