LIVES ON RANSOM!
Hostage-taking and ransom have been known to the criminal world for ages. They are carried out in a variety of ways, for different reasons and motives. Everyone from criminal gangs to terrorists indulges in this act, mostly for ransom and at times for other reasons. This takes a quantum leap in the cyber world. The hostage is not a human being but data: data made non-operational, making the institution non-functional. The institution is a hospital or a chain of hospitals, and the attack is known as a ransomware attack. A recent headline puts it quite succinctly: “‘Lives are at stake’: hacking of US hospitals highlights deadly risk of ransomware.”
Sophos, a cybersecurity firm, is doing yeoman service in bringing hard cyber security data into the public domain, data which all of us need to know, in our own interest. In the cyber world India is just a click away. Ransomware is particularly devastating in the healthcare industry, where even a few minutes of downtime can have fatal consequences. The attacks have become ominously frequent. Sophos research finds an increase of 94% between 2021 and 2022. More than two-thirds of healthcare organizations in the US said they had experienced a ransomware attack in 2021, up from 34% in 2020.
In the US, ransomware attacks on healthcare have become particularly common. 41% of such attacks globally were carried out against US-based firms in 2021. The increase has not been in numbers alone; the attacks are also growing in sophistication. The current situation is terrible. Ransomware has led to health care disruptions. These include delayed chemotherapy treatments and ambulances being diverted from a San Diego emergency room. There was also a lawsuit filed in Alabama over a baby’s death, which might be the “first death by ransomware,” blaming a 2019 hack of a hospital.
Given the devastating consequences that can follow in a hospital, it is identified as a high-profile target. The North Korean state-sponsored cyber actors attack for this reason. While paying ransom is not advised, 61% of healthcare organizations attacked find themselves in a catch-22 situation and end up paying. With lives held at ransom, extracting it becomes easy. In the third quarter of 2021, 30% of ransomware attacks on healthcare entities were carried out by Conti, a Russian crime syndicate. In June the FBI thwarted an attack from Iran on Boston Children’s Hospital. The crux of the problem is that patient information and systems have increasingly been digitized but the spend on cyber security is minimal. With barely 4-7% of this spend, there don’t seem to be better times ahead.
LIP SERVICE IN HOSPITAL CYBER SECURITY CAN BE SUICIDAL.