Security News

French President Emmanuel Macron on Thursday unveiled a plan to better arm public facilities and private companies against cybercriminals following ransomware attacks at two hospitals this month and an upsurge of similar cyber assaults in France. The attacks at the hospitals in Dax and Villefranche-sur-Saone prompted the transfer of some patients to other facilities as the French health care system is under pressure from the coronavirus pandemic.

The CHwapi hospital in Belgium is suffering from a cyberattack where threat actors claim to have encrypted 40 servers and 100 TB of data using Windows Bitlocker. On Sunday, CHwapi suffered an attack that caused the hospital to redirect patients to other hospitals and delay surgical procedures.

In November, after a series of hacks directed at Universal Health Services and others, the cybersecurity agency CISA warned of an "Increased cybercrime threat to U.S. hospitals and healthcare providers." Large healthcare organizations can have a potentially vast attack surface, so making an inventory of potential vulnerabilities is essential.

A Vermont-based hospital network is now saying a cyberattack that crippled its computer systems in October was ransomware. While the Burlington-based University of Vermont Health Network, which serves hospitals in Vermont and upstate New York, had said its systems were attacked on Oct. 28, officials had not confirmed the attack that disabled the system's 600 applications was ransomware.

Two thousand servers containing 45 million images of X-rays and other medical scans were left online during the course of the past twelve months, freely accessible by anyone, with no security protections at all. Among the data - drawn from unprotected online storage devices with ties to hospitals and medical centres all over the planet - were 23,000 images of UK patients, left exposed to the public internet on 90 separate servers.

Despite hospitals being on the front lines during the pandemic, bad actors have continued to target them with ransomware. Incidents of ransomware attacks against hospitals skyrocketed in October.

A late October cyberattack on the computer systems of the University of Vermont Medical Center is costing the hospital about $1.5 million a day in lost revenue and recovery costs, its CEO said. The Oct. 28 attack crippled the computer systems of the hospital system that serves much of Vermont and parts of upstate New York.

Administrators scrambled to keep the hospital operational - cancelling non-urgent appointments, reverting to pen-and-paper record keeping and rerouting some critical care patients to nearby hospitals. The Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults taking U.S. health care providers hostage as COVID-19 cases surge nationwide.

The University of Vermont Health Network is still recovering from a Ryuk Ransomware attack in October 2020, with services slowly coming back online. In October, the University of Vermont hospitals suffered a Ryuk ransomware attack that impacted services to varying degrees in all seven hospitals in their health network.

Wired has a detailed story about the ransomware attack on a Dusseldorf hospital, the one that resulted in an ambulance being redirected to a more distant hospital and the patient dying. After a detailed investigation involving consultations with medical professionals, an autopsy, and a minute-by-minute breakdown of events, Hartmann believes that the severity of the victim's medical diagnosis at the time she was picked up was such that she would have died regardless of which hospital she had been admitted to.