Cybersecurity and International Health Services
Pwned: International Style
by Charles Parker
Hospitals provide a plethora of data. The attackers could target hospital and/or patient data. This is exceptionally marketable to many different entities. When the attackers couple this with ransomware, there are ample chances for severe attacks. This malicious tool has been used over the last few years in many different industries. The medical industry has been exceptionally hit by this. This is partially due to the criticality of the data. The attackers know patient care is totally dependent on the EMR/HER being readily accessible by the medical staff. This was truly a significant problem starting two years with the attacks in the UK.
The attackers have pivoted down under and have attacked the New Zealand health service. Specifically the Waikato District Health Board’s (DHB) network. The Waikato hospital network was successfully breached. The attack, while on point, did not completely cripple the entry network. Of the 103 surgeries, 73 still were able to move ahead. Another hospital in the network did however have to reschedule its surgeries. In rural hospitals, all outpatient activity needed to be deferred. The staff were working to remediate the issue and get the systems back online.
In this case, it appears the attack vector was the simple email attachment. This is another example of an area for employee training. All it takes is the right employee in the right department at the wrong time clicking an attachment.