10 April 2019

Ransomware erases medical records

A computer virus recently injected itself into the electronic medical record system of Brookside ENT & Hearing Services and ruined the business.

The two-doctor medical practice in Michigan has apparently become the first health care provider in the nation to shut its doors for good because of a ransomware attack, according to half a dozen cybersecurity experts contacted in the past week. Hackers are targeting Minnesota hospitals and clinics at an escalating pace, including four breaches involving patient files already reported in 2019, though any interruptions of work have been temporary...

At Brookside ENT in Battle Creek, Mich., the ransomware virus started by deleting and overwriting every medical record, bill and appointment, including the backups. The virus left behind a duplicate of the deleted files, which could be unlocked with a password that the attacker promised to provide for $6,500 in U.S. currency wired to an account, doctors at the clinic said.

The practice’s two ENT surgeons — Dr. William Scalf, 64, and Michigan state senator Dr. John Bizon, 66 — refused to pay the attacker’s ransom...
More at the StarTribune. But notice the absence of an air gap between the computer and the backup files.

2 comments:

  1. Former IT person who worked in health care - I'm very surprised that several experts said this is the first to shut its doors for good. Something like half the businesses that suffer catastrophic data loss close their doors within a year, and given how common ransomware attacks are and how many businesses are unprepared to deal with it, statistics alone say these guys aren't the first. Perhaps the experts were replying to something more specific about the inquiry?

    Also a terminology quibble - an air gap isn't the most effective method of protecting backups. Backups have to be updated regularly to be effective, so you have to have a lot of data crossing the air gap by hand, which both a) tends to get neglected, because IT people are human, and b) it doesn't take much of a security gap for malware to hitch a ride that way. It's much more effective to encrypt your backups and automatically transfer them to off-site storage on someone else's servers that are secured for that purpose. If you're a small/medium business, I guarantee Amazon or Google's servers are VASTLY more secure than yours. You just have to make sure you won't lose your encryption keys in an attack! A pair of thumb drives and/or written piece of paper in a bank vault is a good plan for that, so is a paid subscription to an online password manager.

  2. actually i'm glad to hear that medical records can be deleted. i don't like my personal medical records being 'owned' by a company. i don't even get any say into how they are used or sold. not good how the outcome came about, though.

