Covid-19 Does NOT Mean No Ransomware

Three separate ransomware stories – all against healthcare organizations, even though SOME hackers SAID they weren’t going to hack healthcare. Of course, what makes you think you can trust folks who break the law for a living.

#1 – Largest Private Hospital Company in Europe Hit By Ransomware

Fresenius, is Europe’s largest hospital operator and a major provider of dialysis equipment and services. The company said that the hack has “limited some of its operations but that patient care continues”

You can’t expect them to say anything different, but the part of its operations that are limited are likely those that use computers. Which is pretty much everything.

They have four business units – kidney patient care, operating hospitals, pharmaceutical provider and facilities management. I am sure that none of those depend on those ransomed computers.

Fresenius employs nearly 300,000 people.

To make matters worse, the particular malware, SNAKE, targets Internet of Things devices. None of those in your average hospital.

SNAKE is one of the family of ransomware 2.0 hacks that threaten to publish your private data if you don’t pay up – so backups are not a complete defense from these attacks. Credit: Brian Krebs

#2 and #3 – Two other Ransomware 2.0 attacks went after plastic surgery clinics.

One was Dr. Kristin Tarber’s clinic in Bellevue, Washington.

There the hackers published patient medical histories.

The other is in Nashville, TN and attacked the Nashville Plastic Surgery Institute D/B/A Maxwell Aesthetics. There the hackers stole patient history data, health insurance info, surgery info an other information.

I haven’t seen the stolen/published data from these hacks, but in other plastic surgery hacks, they have published photos of plastic surgery of body parts that are not usually exposed, if you get what I mean.

The challenge for the healthcare industry is that the insurance companies and government reimbursements are really reducing margins.

Until the folks that control their reimbursements decide that getting shutdown for weeks or operating off paper charts with no visibility to patient history is a not a good thing, expect there to be a lot more breaches.

For the hackers, this is very lucrative. I would not be surprised if this is a revenue stream for North Korea.

I definitely feel for the healthcare providers. They want to do the right thing, but they don’t have the money.

This year the Department of Defense, which has had its own problems with hackers, decided that security is not optional and will actually reimburse defense contractors for the costs of implementing security.

The healthcare industry hasn’t gotten there yet. Hopefully it will. Otherwise, expect your medical information to be available for sale on the web. Credit: SC Magazine

by