• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Skip to secondary sidebar
  • Skip to footer

  • Opinion
  • Health IT
    • Behavioral Health
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Patient Engagement
    • Population Health Management
    • Revenue Cycle Management
    • Social Determinants of Health
  • Digital Health
    • AI
    • Blockchain
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • M&A
  • Value-based Care
    • Accountable Care (ACOs)
    • Medicare Advantage
  • Life Sciences
  • Research

Death by Ransomware: Poor Healthcare Cybersecurity

by Babur Khan, Technical Marketing Engineer at A10 Networks 01/05/2021 Leave a Comment

  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print
Death by Ransomware: Poor Healthcare Cybersecurity
Babur Khan, Technical Marketing Engineer at A10 Networks

If hackers attack your organization and you’re in an industry such as financial services, engineering, or manufacturing your risks are mostly monetary. But when it comes to healthcare cybersecurity, not only is there significant financial jeopardy, people’s health and wellbeing are also at risk so the stakes are much, much higher.

According to the Department of Health and Human Services, there has been an almost 50 percent increase in healthcare cybersecurity data breaches between February and May 2020 compared to 2019. This is thought to be a result of the COVID-19 pandemic distracting the industry due to the sweeping changes required, putting extra pressure on already inadequate healthcare cybersecurity measures. 

Why Are Hackers Attacking Healthcare?

If there’s one thing hackers like, it’s a target that’s “soft” and large, complex organizations in industries that have been slow to adopt and then secure digital technologies are precisely that, soft targets. These organizations usually have broad and mostly poorly defended “attack surfaces,” which provide hackers with many routes to enter and through which they can not only exfiltrate data but also compromise services and hardware.

Healthcare, in general, is one of the most visible and softest targets. Successful hospital cyber-attacks usually cause significant disruption of patient data and routine workflows such as scheduling patient medication, resources management, and other essential services. These hospital cyber-attacks can easily result in what is euphemistically called in healthcare “bad outcomes” … these “bad outcomes” include injury and death.

How Does Healthcare Think About Cyber Risks?

A study by the security consulting firm Independent Security Evaluators concluded:

One overarching finding of our research is that the industry focuses almost exclusively on the protection of patient health records, and rarely addresses threats to or the protection of patient health from a cyber threat perspective … In summary, we find that different adversaries will target or pursue the compromise of patient health records, while others will target or pursue the compromise of patient health itself.

The report argues that protecting patient records has been most of the focus of healthcare cybersecurity planning, and organizations often view threat actors as being “unsophisticated adversaries” such as individual hackers and small hacker collaborations. ISE argues that this framework ignores the potential of far more sophisticated hospital cyber-attacks from political hacktivist groups, organized crime, terrorists, and nation-states who are all highly motivated and well-funded and “As a result, a multitude of attack surfaces are left unprotected, and attack strategies that could result in harm to a patient are not considered.”

The Universal Health Service Hospital Cyber-attacks

In September 2020, Universal Health Services a hospital and health care network with more than 400 facilities across the United States, Puerto Rico, and the United Kingdom, found itself under attack by the Russian “Ryuk” ransomware. This wasn’t the first hospital cyber-attack on UHS. Security firm, Advance Intel’s Andariel intelligence platform, reported that trojan malware-infected Universal Health Services throughout 2020.

UHS has not officially confirmed the details of the attack but reports by UHS employees indicate the attack was the result of a successful phishing expedition. The attack disabled computers and phone systems and forced the hospitals to revert to using paper-based systems to continue operations. Affected network hospitals also had to redirect ambulances and move surgical patients to other unaffected facilities.

As is usually the case with large, complex organizations, cleaning up and restoring the system was neither simple nor quick and a UHS press release on October 12, 2020, announced: “… we have had no indication that any patient or employee data was accessed, copied or misused.” It also stated that operations were mostly back to normal after a total of 16 days. Given that downtime for enterprise security breaches cost upwards of $1,000,000 per day or more this attack will have dealt a serious blow to UHS’ bottom line. Whether UHS paid the ransom is not known.

Cyber Attacks and Murder

When a cyberattack happens to any organization, there are always consequences but when healthcare ransomware is involved there’s a real risk of loss of life. In the case of UHS, there were unconfirmed rumors of four patients dying because doctors had to wait for lab results delivered by couriers instead of by electronic delivery. While those, so far, appear to be just rumors, there is one known case of a patient dying directly due to a hospital ransomware attack.

The University Hospital Düsseldorf (UKD) in Germany suffered a ransomware attack on September 10, 2020. The attackers exploited a vulnerability in the Citrix ADC that had been known since January but the hospital, unfortunately, had not got around to implementing the fix.

As a result of the attack, the hospital immediately announced that “The UKD has deregistered from emergency care. Planned and outpatient treatments will also not take place and will be postponed. Patients are therefore asked not to visit the UKD – even if an appointment has been made” and patients were routed to alternative medical facilities.

The demand note delivered by the hospital ransomware showed that the intended target was not in fact the University Hospital Düsseldorf but rather Heinrich Heine University. The German police contacted the hackers via the instructions in the ransom note dropped by the malware and explained the mistake after which the hackers withdrew their demand and provided the decryption key.

Unfortunately, one patient with a life-threatening illness was diverted to a distant hospital after UKD was deregistered as an emergency care facility. The additional hour’s travel may have been the cause of the patient’s death. On September 18, 2020, German prosecutors launched an official negligent homicide investigation which, if confirmed, would make the patient’s death the first known case of death by hacking.

Protect Critical Systems from Malware

The key to defending your systems from malware and phishing is monitoring and examining all network communications. Now that encryption is becoming the norm for all internet communications, looking “inside” of message streams requires new approaches and technologies so that embedded threats are caught and handled before they can escalate into disasters.


About Babur Nawaz Khan
Babur Nawaz Khan is a Technical Marketing Engineer at A10 Networks, a leading provider of secure application services and solutions. He primarily focuses on A10’s Enterprise Security and DDoS Protection solutions and holds a master’s degree in Computer Science from the University of Maryland, Baltimore County.


  • LinkedIn
  • Twitter
  • Facebook
  • Email
  • Print

Tagged With: Cybersecurity, Department of Health and Human Services, Health and Human Services, Healthcare Ransomware, intel, Malware, medication, Patient Medication, Phishing, risk, Security Breaches, University Hospital

Tap Native

Get in-depth healthcare technology analysis and commentary delivered straight to your email weekly

Reader Interactions

Primary Sidebar

Subscribe to HIT Consultant

Latest insightful articles delivered straight to your inbox weekly.

Submit a Tip or Pitch

Featured Insights

2025 EMR Software Pricing Guide

2025 EMR Software Pricing Guide

Featured Interview

Paradigm Shift in Diabetes Care with Studio Clinics: Q&A with Reach7 Founder Chun Yong

Most-Read

Medtronic to Separate Diabetes Business into New Standalone Company

Medtronic to Separate Diabetes Business into New Standalone Company

White House, IBM Partner to Fight COVID-19 Using Supercomputers

HHS Sets Pricing Targets for Trump’s EO on Most-Favored-Nation Drug Pricing

23andMe to Mine Genetic Data for Drug Discovery

Regeneron to Acquire Key 23andMe Assets for $256M, Pledges Continuity of Consumer Genome Services

CureIS Healthcare Sues Epic: Alleges Anti-Competitive Practices & Trade Secret Theft

The Evolving Role of Physician Advisors: Bridging the Gap Between Clinicians and Administrators

The Evolving Physician Advisor: From UM to Value-Based Care & AI

UnitedHealth Group Names Stephen Hemsley CEO as Andrew Witty Steps Down

UnitedHealth CEO Andrew Witty Steps Down, Stephen Hemsley Returns as CEO

Omada Health Files for IPO

Omada Health Files for IPO

Blue Cross Blue Shield of Massachusetts Launches "CloseKnit" Virtual-First Primary Care Option

Blue Cross Blue Shield of Massachusetts Launches “CloseKnit” Virtual-First Primary Care Option

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

Osteoboost Launches First FDA-Cleared Prescription Wearable Nationwide to Combat Low Bone Density

2019 MedTech Breakthrough Award Category Winners Announced

MedTech Breakthrough Announces 2025 MedTech Breakthrough Award Winners

Secondary Sidebar

Footer

Company

  • About Us
  • Advertise with Us
  • Reprints and Permissions
  • Submit An Op-Ed
  • Contact
  • Subscribe

Editorial Coverage

  • Opinion
  • Health IT
    • Care Coordination
    • EMR/EHR
    • Interoperability
    • Population Health Management
    • Revenue Cycle Management
  • Digital Health
    • Artificial Intelligence
    • Blockchain Tech
    • Precision Medicine
    • Telehealth
    • Wearables
  • Startups
  • Value-Based Care
    • Accountable Care
    • Medicare Advantage

Connect

Subscribe to HIT Consultant Media

Latest insightful articles delivered straight to your inbox weekly

Copyright © 2025. HIT Consultant Media. All Rights Reserved. Privacy Policy |