Industrial Cybersecurity Pulse

Throwback Attack: A ransomware attack shuts down the Parkview Medical Center IT networks at the worst time

  • Gary Cohen
  • July 22, 2021
Equipment at a health care facility
Courtesy: CFE Media and Technology

Ransomware attacks are a growing threat to critical infrastructure and private industry worldwide. While every business sector has felt the sting of ransomware, few have been harder hit of late than health care. In April 2020, Colorado-based Parkview Medical Center was targeted by a ransomware attack on its information technology (IT) systems when it could least afford to have those systems shut down — during the height of the COVID-19 global pandemic.

Ransomware is the most prominent malware threat right now because it’s fast, easy and usually results in a tidy profit for the attacker. According to Sophos’ State of Ransomware 2021 report, 37% of 5,400 respondents surveyed said their organizations were hit with ransomware in the last year, and 54% of those reported the criminals succeeded in encrypting their data.

Often, attacks on the health care sector go after confidential patient records — Social Security numbers, financial data and the like — but this has shifted a bit in the last year as a result of the pandemic. Threat actors are looking for pain points, and health care is an almost perfect victim. When you’re dealing with matters of life and death, you can’t afford to have your systems go down for any length of time. It is even possible now for hackers to up the ante and endanger patients by manipulating medical devices or laboratory values.

“They realize that,” said David Masson, director of enterprise security at Darktrace. “If they ransomware an operational technology (OT) system, it’s on the basis of they know that the organization can’t afford to have production halted or changed or interrupted in any kind of way. Maybe the easiest solution to get things back to normal will be — take a wild guess — pay the ransom, and that’s why they go after them. It’s the same reason that attackers go after things like municipalities and hospitals. People have a big drive to maintain that service, and perhaps the easiest way to maintain that service is to pay the ransom.”

Parkview Medical Center attack

The attack on Parkview Medical Center, based in Pueblo, Colorado, occurred in late April of 2020 and essentially rendered the hospital’s systems for storing patient data inoperable. Most hospitals use digital systems to store all of their patient information. Without those essential medical records, providers are missing the core of what they need to do their jobs. Parkview released a statement after the attack assuring the community that the hospital was managing the situation.

“Patient care is always our first priority,” read the statement. “Patients will not see any impact to the level or quality of care being delivered. As a regular course of business, Parkview Medical Center frequently trains and prepares for scenarios that result in IT system outages.

“We are well prepared, and our staff is trained to continue operations while we work to get our regular IT systems back online. While our medical staff continues to work around the clock in response to the ongoing global pandemic, we are doing everything in our power to bring our systems back online as quickly and securely as possible.”

When the cyberattack was discovered, Parkview Medical Center officials engaged with a third-party team to mitigate and investigate the incident. In order to keep operations running, the hospital had to revert to using pen and paper forms to track patients, which slowed hospital service down. On a good day, this kind of delay can have a major impact on patients’ lives. But shortly after the country had essentially shut down as a result of the pandemic, this was time hospitals didn’t have. By April, health care facilities were overwhelmed by COVID-19 patients, placing undue stress on their systems.

Targeting health care

That’s exactly why hospitals are attractive to threat actors — especially now. In 2020, Emsisoft reported 560 health care facilities were impacted by ransomware attacks in 80 separate incidents. And according to Health and Human Services (HHS), ransomware attacks were responsible for almost 50% of all health care data breaches in 2020.

One of the biggest perpetrators of attacks on the health care sector has been Ryuk, a notorious Eastern European gang that accounted for about one-third of the 203 million ransomware attacks in the U.S. in 2020. The Wall Street Journal reported Ryuk has attacked at least 235 general hospitals and inpatient psychiatric facilities, plus dozens of other health care facilities in the U.S. since 2018.

“They do not care. Patient care, people dying, whatever. It doesn’t matter,” said Bill Siegel, CEO of the ransomware recovery firm Coveware in the Wall Street Journal article. “Other groups you can at least have a conversation. You can tell them, ‘We’re a hospital, someone’s going to die.’ Ryuk won’t even reply to that email.”

Hospitals also make good targets for extortion for an unfortunate reason shared by many other economic sectors: Their cybersecurity tends to be lax. Many experts recommend that organizations spend at least 10% of their IT budget on cybersecurity; others argue for more. According to Fierce Healthcare, health care organizations dedicate only around 6% of their budget to cybersecurity measures.

“There’s a reason why everyone is putting the blame on the cybersecurity basics not being there. That’s true, but there’s much more involved there,” said Ron Brash, director of cybersecurity insights at Verve Industrial Protection. “I think ransomware and the state of cybersecurity in general — besides the products being weak, for the most part — is systemically related to [the fact that] there’s no budget, and it’s something much bigger. We’re looking at the symptoms of the problem, but what is the basis of the problem? We basically bought a car, we didn’t change the oil in it, we didn’t change the brakes on it, and we’re wondering why the engine has blown. That’s where we’re at today with ransomware.”

To pay or not to pay

Ransomware ultimately boils down to a simple question: Should you pay the ransom or not? The HIPAA Journal reported that ransomware attacks against U.S. health care providers have caused more than $157 million in losses since 2016. For businesses, this usually comes down to a cost-benefit analysis: How much does it cost to have systems down versus how much are the cybercriminals asking for?

“Because [many businesses] just pay it, as if it’s like a tax that someone decided — it’s like a toll going over a bridge that you didn’t really want to pay, but you will pay — they’ll just do it and they’ll write it off,” Brash said. “It’s a business loss. Great. Shareholders don’t care. The company is still making money. Everything’s wonderful.

“That’s where we start to wind up in problems, where you start to apply the ethics of it. Does it make sense to be paying someone that’s very likely to attack you again? Or are you financing something else that you shouldn’t be financing in another country? That’s another conflict of it. So I think what needs to happen is paying ransom should not be your playbook. That should not be what your go-to plan is when this event occurs.”

The Cybersecurity and Infrastructure Security Agency (CISA), the HHS and the FBI issued an advisory in November 2020 warning of “an increased and imminent cybercrime threat to U.S. hospitals and health care providers.” They recommended providers take “timely and reasonable precautions to protect their networks from these threats.” According to the agencies, malicious groups are targeting the sector, “often leading to ransomware attacks, data theft and disruption of health care services.”

“These issues will be particularly challenging for organizations within the COVID-19 pandemic,” the alert read. “Therefore, administrators will need to balance this risk when determining their cybersecurity investments.”

The health care sector is likely to remain in the crosshairs of threat actors because of the critical nature of its work. It’s essential for providers to invest in increased cybersecurity, effective backups and education efforts among staff to mitigate the threat and provide continuity for their life-saving work, especially as the COVID-19 pandemic rages on.


Gary Cohen

Gary Cohen is senior editor/product manager at CFE Media.

Copyright 2022 CFE Media and Technology.
All rights reserved.

