Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security Medicine

How Ransomware Puts Your Hospital At Risk (deccanherald.com) 35

nickwinlund77 quotes a New York Times opinion piece: In March, several cybercrime groups rushed to reassure people that they wouldn't target hospitals and other health care facilities during the Covid-19 pandemic. The operators of several prominent strains of ransomware all announced they would not target hospitals, and some of them even promised to decrypt the data of health care organizations for free if one was accidentally infected by their malware. But any cybersecurity strategy that relies on the moral compunctions of criminals is doomed to fail, particularly when it comes to protecting the notoriously vulnerable computer systems of hospitals.

So it's no surprise that Universal Health Services was hit by ransomware late last month, affecting many of its more than 400 health care facilities across the United States and Britain. Or that clinical trials for a Covid-19 vaccine have been held up by a similar ransomware attack disclosed in early October. Or that loose-knit coalitions of volunteers all over the world are working around the clock to try to protect the computer systems of hospitals that are already straining under the demands of providing patient care during a global pandemic.

In the midst of the Covid-19 pandemic, the potential consequences of these cyberattacks are terrifying. Hospitals that have lost access to their databases or had their networks infected by ransomware may not be able to admit patients in need of care or may take longer to provide those patients with the treatment they need, if they switch to relying on paper records...

Every hospital and clinic should be re-evaluating their computer networks right now and ramping up the protections they have in place to prevent their services from being interrupted by malware or their sensitive patient data from being stolen.

This discussion has been archived. No new comments can be posted.

How Ransomware Puts Your Hospital At Risk

Comments Filter:
  • My hospital? I don't have a hospital.
    • by whitroth ( 9367 )

      No problem. Can we assume that when you catch C-19, or get hit by a hit-and-run car, or come down with STDs, that you'll treat them at home, and not go to an ER, either?

  • Running Microsoft Windows in a hospital? Then you are criminally negligent.

    • Ever been in the booth when an MRI is going on?
      Thats a Windows application.
      Want it changed? Convince Toshiba to build a Not-Windows interface.


      If there is little or no alternative, "criminally negligent" is not relevant.
      • Years ago they used to be SGI boxes.

    • by Sique ( 173459 ) on Saturday October 17, 2020 @06:17PM (#60620136) Homepage
      So show me the software suite to do accounting, resource planning, appointment schedules, patient databases, general word processing, communication with other institutions, with insurers, with research institutions, with external labs, print out formatted reports for controlling institutions and all the other tedious work for running a hospital, that has a proven record to work, and is operable by the average secretary, doctor and technician alike, and which does not have at least some component running on Windows!
    • by clovis ( 4684 ) on Saturday October 17, 2020 @08:23PM (#60620386)

      The problem isn't Microsoft Windows.

      It is admins that grant full access to everything for themselves and do all their work, email reading, and web surfing while logged on with their admin account.
      It is admins who grant full access to people across multiple resources rather than take the trouble to identify and configure the minimum access needed.
      It is admins that use the same system account and password across multiple devices and resources that should not even be on the same network much less the same logon domain.
      It is admins that never seriously thought about how they would recover from a disaster of any type and had never done a trial run of recovery.
      It is an IT that allows data and programs to be spread all over the environment with no idea of what's out there.
      It is users that will open every email, open every attachment, and click every link in emails they get.
      And ... the management that lets them get away with it.

  • by Anonymous Coward

    To dumb terminals and mainframes. No attack vectors.

  • ... moral compunctions of criminals is doomed to fail ...

    This self-deluded moralising is pure click-bait. Okay, criminals don't spend a lot of time thinking of the consequences of their actions but even the dumbest mastermind knows the difference between abusing the social contract and shooting himself in the foot. In short, Covid-19 is so dangerous that the average criminal will be thinking how to protect himself. Refusing to cripple hospitals is enlightened self-interest. I'm far more worried about about the people who can buy protection and healthcare at a

    • by eatvegetables ( 914186 ) on Saturday October 17, 2020 @06:19PM (#60620138)

      Organized crime and nation state actors are behind the vast majority of large scale, sophisticated ransomware attacks. Indiscriminately killing people in hospitals doesn't present them with any moral dilemmas. To the contrary, it provides them with victims who will be highly motivated to pay ransome demands. COVID 19 is just another money making opportunity and any comments they offer are nothing more than public relations hokem.

  • by Joe_Dragon ( 2206452 ) on Saturday October 17, 2020 @06:12PM (#60620126)

    3rd party vendors systems that can't have updates installed are part of issue as well systems stuck on XP as it may cost $100K-$200K+ per unit to replace an system that is part of XP computer to run it.

    As well 3rd party vendors saying we must have remote access to the system from off site.

    We are talking about things like x ray medicines, mri medicines, etc where the hospital IT has very little say on there software and they can't put them on Domain / install any management software on them. Or in some cases can't even do windows updates.

    • Sure, update from the malware to the spyware, and still have loads of malware on your Microsoft piece of shit.

  • Microsoft Windows strikes again!

Technology is dominated by those who manage what they do not understand.

Working...