Since Thursday night, the FBI has been warning of increased cyberattacks on various American hospitals. The malware used, Ryuk, encrypts the data on infected systems and thereby hampers the continued operation of the hospitals. Attacks on system-relevant infrastructure such as this are combined with ransom demands, on the expectation that the victims will want their sensitive data released as quickly as possible. The exact number of affected hospitals is not known, only that hospitals in the states of New York, Oregon and Minnesota are involved.
The data encryption has caused significant delays in clinical operations: the affected clinics have had to reroute some of their patients, which has lengthened waiting times for necessary treatments. Clinics in Germany also sometimes fall victim to such cyberattacks, which can be life-threatening for patients in addition to causing financial loss for the organization.
A major ransomware attack took place in the summer of 2019 on central systems of the DRK-Trägergesellschaft Süd-West. The affiliated hospitals in Rheinland-Pfalz and Saarland were affected, and their provision of care was delayed. According to media reports, this incident fortunately had no further consequences for patients. No ransom was paid, and the incident lasted from 13th to 26th July. Sodinokibi was identified as the software used, and a Mobile Incident Response Team (MIRT) was deployed to determine the cause of the attack and restore the systems to working condition.
The BSI (Bundesamt für Sicherheit in der Informationstechnik) recommends establishing functioning, practiced emergency management for such ransomware attacks. Two things were crucial for the success of the response. On the one hand, crisis handling in the hospital has to work, and patient care has to be ensured through analogue data acquisition. On the other hand, IT has to narrow down the problem, find the cause and select the necessary measures.
To prevent such attacks from the outset, it is also advisable to raise employees' awareness of phishing and social engineering, and to improve and tighten the rules on password security for remote access. Multifactor authentication for administrative actions is recommended.