I worked in health care and just retired a few weeks ago after 39 years, and it is a fact that healthcare is specifically targeted by ransomware pirates and people who write malicious code that when it isn't simply to extort money, is emotionally for them the simple equivalent of spraypainting a car and then overturning it and setting it on fire.
I took part in a conference call a couple of years ago with probably about 70 people from hospitals all over our region, and one hospital that had undergone a ransomware attack, three months after the fact, told us their story.
Three months later, and it STILL was not fully operational. The harm it caused to patients was profound, and the mental anguish it caused for the healthcare providers who were unable to provide timely care was sobering.
And it gave me a keyhole glimpse into what would happen if we had a large EMP event.
Hospitals are vulnerable to these types of attacks, because they often have no recourse but to pay. This hospital had all of their active system databases encrypted and locked, and the malicious software searched and found their backups, infected them and were also encrypted and locked by this ransomware.
In their immediate region, they were the only Level 1 Trauma hospital that could be accessed without putting someone in a helicopter.
They had to resort to paper, which they didn't have and were unprepared for. They could only store and display their radiology images on the devices that acquired them. They had no way to transmit results on exams to clinicians who needed them. At one point, they had to close and lock the doors to the rooms the Radiologists occupied to execute their interpretations, because it was like a zombie movie with clinicians taking care of critically ill patients, clamoring at the doors to get results.
The team from that hospital were obviously traumatized by it, and I heard several of their voices crack and choke up as they described the events.
When asked if they had to pay the ransomware pirates, they declined to tell people on the conference for legal reasons, which made me conclude they had to pay millions, but that is speculation on my part.
As you can probably guess-I am not in the least bit kidding in my post saying these people should be hunted down by trained military assault teams, have canvas bags placed over their heads, transported to places they can be waterboarded to extract any available information about their cohorts, tried, and executed.
It sounds harsh, but just wait until one of these people does something that kills large quantities of people in a single event. Hacking planes. Hacking power grids.
Or worse.
The first step is finding them given the volume and spoofing going on. These people look at it as throwing out fishing lines and maybe they will get some easy money.
I got a message yesterday stating that I had unpaid motor vehicle tickets. It came from the Philippines. Probably not as serious as what you described but if someone falls for it they could be wiped out.
Agreed - this stuff needs to be dealt with.
I totally agree.
About 5 years ago, my oldest son's Rheumatologist's computers were taken over by ransomware. They wouldn't let anyone make an appointment until they got their system back. I asked him, hadn't they ever heard of appointment books? Or the fact that they could either dictate into a hand recorder, and/or write the notes from a visit that someone could enter into the system at a later date? They actually paid the ransom. It wasn't long after that, that he found another doctor to visit.
Early last year, the billing company Change Healthcare that handles Medicare billing and claims was hacked. I have no clue if they've even got the problems straightened out since then.
How did we ever produce, and view x-rays without digital devices? People have become way too reliant on devices to conduct their business. At least at the library, if their computer system is down, you can still find a book by checking the card catalog.
Besides making people lazy, the internet has caused as many problems as it has helped. It's given criminals just another platform to victimize people with. And nobody in the government seems to want to do anything about stopping it. When was the last time you heard of someone, or a group of criminals, being charged with sending out phishing emails, and phony text messages? Does anybody actually do anything with the scam emails you forward to the companies whose names are on them, or all the text messages you mark as spam, and mark "report"?
This goes for any critical information, not just hospitals.
By the way, even though I am a "computer geek", I keep my backup material on thumb drives and CD-ROMs. Those are kept off-site. My project records are ALL on paper stored in three ring binders. I'm old fashioned, but robust. My computer roots go back to 1967. I don't trust 'em.