You may have already spotted, but a ransomware attack has hit a French hospital crippling 6,000 computers; reminiscent of WannaCry, which hit the NHS in 2017. To prevent the infection spreading, the IT team opted to close down the systems and operate in ‘degraded mode’. It is predicted it will take much of this week to restore systems to standard functionality and the French National Agency for Information Systems Security is assisting the hospital IT team.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
Firstly, it shows how defense in depth deficiencies are becoming a threat to public safety. Hospitals are a great target for an attacker as they are frequently setup without a defense in depth mindset – when someone is rushed in to the ER and equipment is needed, access here and now to anyone that need to use that device is the first priority. This mindset then seems to spill over to affect how a lot of the IT work in those organizations is performed. The fact that servers and workstations were affected likely means a privileged account has been compromised, the entry point is almost always via a user.
I would not downplay the risks stemming from this large-scale attack that reportedly paralyzed virtually all critical systems within the entire hospital. In light of mushrooming doom-style reports, saying that hackers are apt to kill people by technology means, often being exaggerated and detached from reality, this particular incident indeed may lead to catastrophic and irreparable consequences.
When a hospital is flatly prevented from accepting phone calls and other incoming communications, when medical personnel fail to share medical records and obtain diagnosis requisite for the most serious of medical interventions, a multitude of wrong and fatal decisions may be taken. Frequently, even a minor delay or ignorance will derive in failure to save someone’s life.
We became so inalienably dependent on technology that its sudden removal may take innocent lives away, even if we are still far away from mortal IoT science-fiction so colorfully depicted by some vendors.
One may question the reasons for such an abrupt proliferation of infection across different networks and systems, likely pointing out the ineffective implementation of patch management, network segmentation and malware isolation processes. The hospital may likely have a legal claim for negligence and breach of contract against its IT suppliers, depending on the circumstances of the incident that are to be duly investigated.
The Rouen University Hospital has been paralysed by ransomware, with an attack similar to WannaCry in 2017, putting lives at risk. Sadly, the targeting of hospitals with ransomware is a growing trend; earlier this year seven hospitals in Australia were also impacted by ransomware. Hospitals are becoming a major target as despite new technology adoption being high, there is often a lack of cyber security knowledge, even though health data can be a very lucrative area for cybercriminals. This makes busy hospital staff the perfect targets.
Stories like this really underscore the growing importance of cybersecurity in protecting our physical as well as our virtual worlds. As our kinetic and cyber worlds are becoming increasingly interlinked – whether due to an attack such as this that disrupts vital services, or an attack on a power grid or even a nuclear plant – cyber-attacks now have real world consequences with hugely dangerous potential impacts. It is vital that there is greater education and that organisations do more to test their defences against hackers or we will continue to see attacks of this kind
A big driver behind the increasing popularity of ransomware is digital transformation. While this has brought with it many benefits, organisations have become reliant on these digital technologies; loss of data can be a critical issue, making ransoming that data a much more profitable business. Added to this, systems are much more hyper-connected now than they used to be and one of the evolutions in the ransomware we see today is that it can now spread across different systems, so the possibility of widespread damage is much higher. This wasn’t necessarily the case 15 years ago. Unfortunately, this means we are seeing a lot of hits against organisations where data is critical – such as hospitals – where there is often no option but to pay the ransom, or lives could be put at risk.