More than ever, the dangers posed by the growing cyber-threat pandemic exceed traditional concerns like identity and financial theft. According to The Hacker News, malicious actors have developed a fresh new strategy for grabbing some fast cash: extort hospitals for the lives of their patients.
Yes, you read that right: holding up hospitals.
The scam is fairly straightforward. An anonymous party infects a hospital’s computer network with ransomware, which freezes all operations until the hospital pays a ransom. The concept is an old one, but by targeting hospitals, these cyberattackers ensure a quick and reliable payout. Worse, by demanding payment in bitcoin, an untraceable cryptocurrency, they face no potential recourse. What can doctors and hospital officials do if their critical computerized infrastructure and patient records become compromised in this way? Tell patients needing urgent care “oops, maybe we should’ve protected our network better?” Perhaps play God with patients’ lives and ignore the attacker’s demands? Hippocrates might have a thing or two to say about that.
In the case linked above and another back in April, the hospitals’ reaction is to immediately shut down network operations in order to stop the spread of the malware, begin restoring critical records and systems from backups, and then triage patients for relocation or temporary care. However, without reliable backups or immediate detection and action, such a strategy becomes irrelevant. Furthermore, the methods used by such attackers will only become increasingly sophisticated and efficient. For example, the FBI notes that attackers are already playing a longer con by writing malware that targets backups before manifesting in the system proper.
It seems apparent that escalation in the field of cybersecurity continues to swell exponentially. We’ve now reached a point in which lives are guaranteed to be lost if the worldwide medical community does not adopt more comprehensive and proactive strategies for preventing, detecting, and responding to cyber-intrusions.