Security News

While other businesses worry about reputational damage when they're hit by a ransomware attack, hospitals have to worry about canceled operations and ambulances backing up outside the emergency department. If an attack does get through, there is immense pressure on hospitals to simply pay the ransom.

The relationship between medical device manufacturers and healthcare delivery organizations has always been challenged by a lack of good communication, mostly to the detriment of the latter. The impact of a cyberattack is not equally shared: While a HDO may be rendered inoperable for days or weeks by ransomware, the MDM may or may not be receiving some bad press.

Hospitals and Health Care group has disconnected all incoming and outgoing Internet connections after discovering they suffered a cyberattack that resulted in the theft of sensitive administrative and patient data. The cyberattack occurred on April 19th and affected the CHs of Vitry-le-François and Saint-Dizier, causing GHT to disconnect Internet connections to the hospitals to prevent the attack's spread and further data theft.

As many as five security vulnerabilities have been addressed in Aethon Tug hospital robots that could enable remote attackers to seize control of the devices and interfere with the timely distribution of medication and lab samples. Aethon TUG smart autonomous mobile robots are used in hospitals around the world to deliver medication, transport clinical supplies, and independently navigate around to perform different tasks such as cleaning floors and collecting meal trays.

Researchers at healthcare cybersecurity company Cynerio just published a report about five cybersecurity holes they found in a hospital robot system called TUG. TUGs are pretty much robot cabinets or platforms on wheels, apparently capable of carrying up to 600kg and rolling along at just under 3km/hr. During what we're assuming was a combined penetration test/security assessment job, the Cynerio researchers were able to sniff out traffic to and from the robots in use, track the network exchanges back to a web portal running on the hospital network, and from there to uncover five non-trivial security flaws in the backend web servers used to control the hospital's robot underlords.

Security vendors pledge free protection for US hospitals and utilities amid fear of Russian cyberattacks. With that in mind, three security companies are offering their products for free to US hospitals and utilities.

A joint announcement from the Ministry of Health and the National Cyber Directorate in Israel describes a spike in ransomware attacks over the weekend that targeted the systems of nine health institutes in the country. In the joint announcement, the Israeli government states that the attempts resulted in no damage to the hospitals and the medical organizations, thanks to national-level coordination and the quick and decisive response of the local IT teams.

A hospital that continued to admit patients during a ransomware attack has been sued over claims that a baby died after doctors and nurses failed to spot there was a problem due to networks being shut down. Nicko Silar died after six months in intensive care after being born at Springhill Memorial Hospital with the umbilical cord wrapped around her neck, documents filed in the Alabama Circuit Court state [PDF].

In July 2019, an Alabama hospital was dealing with a ransomware attack that had shut down computer systems throughout the hospital. She has filed a lawsuit against the hospital that claims the loss of monitoring technology ultimately caused the death of her infant.

Healthcare cybersecurity under attack: How the pandemic affected rural hospitalsIn this interview with Help Net Security, Baha Zeidan, CEO at Azalea Health, talks about how rural hospitals have been affected by the pandemic and what steps they should take to boost their cybersecurity posture. 3 ways to protect yourself from cyberattacks in the midst of an IT security skill shortageEnterprises face a catch-22 situation: Security is more vital than ever, but cybersecurity positions are nearly impossible to fill.