Cybersecurity, Ransomware and Hospitals
In our lifetimes, we may visit the hospital two or three times, or more. Medical facilities require data and information to operate. Today this takes the form of EHR and EMR (electronic health records and electronic medical records). These allow doctors to complete their tasks, nurses to pass medications, physical therapists to provide therapy, etc. When these services are unavailable, there is a mortal danger. In 3Q2019, a number of hospitals were attacked and their operations were affected.
For this set of attacks, the medical facilities were located in the Australian state of Victoria. In particular, two large health systems were affected: the Gippsland Health Alliance and the South West Rural Health Alliance (SWARH). SWARH provides health care services across approximately 23k square miles, ranging from West Melbourne to the border of South Australia. While this is substantial, the attacks also affected Barwon Health, a regional network in the Geelong region, and West Gippsland Healthcare Group. Overall, at least seven major hospitals were breached. Unfortunately, other servers across the state were also compromised during this set of attacks. The hospitals needed to segregate and disconnect systems to stop the spread to further systems. In effect, the hospitals quarantined the systems from the internet.
The hospitals were already prepared to some extent for cyber-attacks. Even so, the attackers were able to bypass the security controls that were already in place. The means for this was ransomware, which has become an epidemic in the industry. Through the attack, they were able to gain unauthorized access. The ransomware was used, as in a myriad of other attacks, to encrypt the hospitals’ files. The attacks focused on patient booking and financial systems and were designed to bring down operations. When a patient booking system is down, unless you have the next few days or weeks printed, you can’t know for certain what appointments are coming up or what types of procedures are scheduled. Due to this, the hospitals were not able to plan their operations. Without a usable financial system, a hospital could not pay salaries or bills. Its budgeting processes would not work, and the finance department would not be able to ensure the departments are within their spending limits. As of 10/2/2019, there was no specific ransom demanded.
At least one hospital was forced to resort to pen-and-paper systems for booking appointments and procedures. During the outage, the hospitals were not able to access patient histories, charts, images, and other data. The outage did not affect every department, and the emergency departments were spared.
The press release stated there was no evidence that personal patient information had been accessed. The data, however, is timeless. If it was accessed, it could be used by the unauthorized parties for years to come.
While this successful attack is significant, the hospitals and other affected systems were assisted by the Victorian Cyber Incident Response Service and the Australian Cyber Security Centre. The management of the Victorian Government Cyber Incident Response Service recommended not paying the ransom. This is generally the best route for breached organizations.
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.