On Thursday, the University Medical Center Health System in Lubbock, Texas, confirmed a ransomware attack that led to an IT outage which forced the hospital to divert emergency and non-emergency patients via ambulance to nearby health facilities.
UMC is the only level 1 trauma center within 400 miles.
The health system is operating under its downtime procedures while phone systems are down and its unable to view messages in the patient portal.
“This is a national security issue.”
“When hospitals are attacked, lives are threatened. When you have the only level 1 trauma center in the region shut down by foreign bad guys, ambulances on diversion, the next level 1 trauma center I understand is hundreds of miles away, you are putting people’s lives in jeopardy,” said John Riggi, National Advisor for Cybersecurity and Risk at the American Hospital Association and a 30-year FBI veteran.”
According to UMC’s latest statement, its healthcare facilities, urgent care clinics and UMC physician clinics remain open. At this stage, it is not possible to tell to what extent, if any, patient data has been compromised.
This past January, UMC notified 127,000 individuals of a data breach compromising their names, dates of birth, mailing addresses, Social Security numbers, diagnosis, and treatment information.
Emily Phelps, Director, Cyware had this to say:
“The ubiquity of ransomware attacks on healthcare entities highlights the critical need for collective defense and intelligence-driven security processes to proactively defend against these attacks. When healthcare institutions—especially those providing essential services to large regions—are targeted, the consequences go beyond financial loss. Ransomware not only cripples operations but endangers lives, as seen when vital emergency services are forced to divert patients. We must move beyond reactive strategies. Proactively harnessing shared threat intelligence and automation will empower organizations to detect and neutralize attacks before they disrupt essential services. Collaboration between private and public sectors is essential in building a unified defense against this growing threat.”
Stephen Gates, Principal Security SME, Horizon3.ai follows with this comment:
“Hearing the news about this healthcare system, my heart goes out to the families and individuals affected. There was a time when healthcare organizations were off-limits to attackers because they focus on saving lives. But that unwritten code of ethics no longer applies. This reality is what drove me to write the whitepaper, A Preemptive Approach to Defeat Ransomware in Healthcare. I’m sharing it not to sell anything, but because it offers a solution that healthcare organizations should seriously consider.”
Evan Dornbush, former NSA cybersecurity expert had this to add:
“Unfortunately, down time is just as damaging to data disclosure, putting the victim here in a very tough spot. The economics of ransomware currently favor the attacker. As long as it more expensive to be a defender, stories like this will continue to line our newsfeeds.”
I’m not being hyperbolic here. It’s only a matter of time before someone dies because of an attack like this. This is why action needs to be taken now so that never becomes a headline.
Like this:
Like Loading...
Related
This entry was posted on September 30, 2024 at 2:41 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Texas Hospital Diverts Patients Hundreds Of Miles After Ransomware Attack
On Thursday, the University Medical Center Health System in Lubbock, Texas, confirmed a ransomware attack that led to an IT outage which forced the hospital to divert emergency and non-emergency patients via ambulance to nearby health facilities.
UMC is the only level 1 trauma center within 400 miles.
The health system is operating under its downtime procedures while phone systems are down and its unable to view messages in the patient portal.
“This is a national security issue.”
“When hospitals are attacked, lives are threatened. When you have the only level 1 trauma center in the region shut down by foreign bad guys, ambulances on diversion, the next level 1 trauma center I understand is hundreds of miles away, you are putting people’s lives in jeopardy,” said John Riggi, National Advisor for Cybersecurity and Risk at the American Hospital Association and a 30-year FBI veteran.”
According to UMC’s latest statement, its healthcare facilities, urgent care clinics and UMC physician clinics remain open. At this stage, it is not possible to tell to what extent, if any, patient data has been compromised.
This past January, UMC notified 127,000 individuals of a data breach compromising their names, dates of birth, mailing addresses, Social Security numbers, diagnosis, and treatment information.
Emily Phelps, Director, Cyware had this to say:
“The ubiquity of ransomware attacks on healthcare entities highlights the critical need for collective defense and intelligence-driven security processes to proactively defend against these attacks. When healthcare institutions—especially those providing essential services to large regions—are targeted, the consequences go beyond financial loss. Ransomware not only cripples operations but endangers lives, as seen when vital emergency services are forced to divert patients. We must move beyond reactive strategies. Proactively harnessing shared threat intelligence and automation will empower organizations to detect and neutralize attacks before they disrupt essential services. Collaboration between private and public sectors is essential in building a unified defense against this growing threat.”
Stephen Gates, Principal Security SME, Horizon3.ai follows with this comment:
“Hearing the news about this healthcare system, my heart goes out to the families and individuals affected. There was a time when healthcare organizations were off-limits to attackers because they focus on saving lives. But that unwritten code of ethics no longer applies. This reality is what drove me to write the whitepaper, A Preemptive Approach to Defeat Ransomware in Healthcare. I’m sharing it not to sell anything, but because it offers a solution that healthcare organizations should seriously consider.”
Evan Dornbush, former NSA cybersecurity expert had this to add:
“Unfortunately, down time is just as damaging to data disclosure, putting the victim here in a very tough spot. The economics of ransomware currently favor the attacker. As long as it more expensive to be a defender, stories like this will continue to line our newsfeeds.”
I’m not being hyperbolic here. It’s only a matter of time before someone dies because of an attack like this. This is why action needs to be taken now so that never becomes a headline.
Share this:
Like this:
Related
This entry was posted on September 30, 2024 at 2:41 pm and is filed under Commentary with tags Hacked. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.