The ransomware attacks continue. There are several hospitals (at least five) that are rumored to have been attacked by ransomware in the past two weeks. They are trying to keep it quiet, but the attacks were largely successful in at least a few of the attacks. Two hospitals are known to have been without computer support for over a week. I know, because one of them is the one where I work.
Some systems were not affected because they were on different servers, but the common thread here is that all of the hospitals that were attacked used the same medical record reporting software. That may or may not be important. At any rate, the loss of this server affected everything: medical records, prescription tracking, payroll, scheduling, email, you name it, it has all been down for over a week. They can’t even make people pay for food from the cafeteria because the POS system isn’t working. No cash register means that they are letting us eat for free.
Payday is Thursday, and we are already wondering if we are going to get paid. We can’t issue new account numbers to patients, and everything is being done on paper. We are tracking patient location and status by writing on windows with dry erase markers. everything has been reduced to using pen and paper. My unit alone has three people per shift, and we are generating over 800 pieces of paper during every 12 hour shift. That works out to each of us filling out one form every 23 seconds. Every second for 12 straight hours. We aren’t administrative- we are a clinical unit. Those papers are there to document what we are doing. I don’t even know how we are getting anything done with patient care because we are so buried in paperwork.
Some people are being furloughed because their jobs are completely dependent on computer technology. Other departments (mine included) are working overtime to handle the additional workload. I suggested that it would be cheaper to send people with nothing to do up to the departments that need help with paperwork, rather than pay people overtime. That suggestion was ignored. The extra paperwork doesn’t require technical or medical training, it simply needs hands and a functioning brain. Instead, my unit is working overtime. I worked 60 hours last week, and 60 hours the week before. So yeah, I really hope that we DO get paid.
That has cut into my personal time, as well as into my blogging.
The other thing that I wonder is why are all of these ransomware attacks happening all of a sudden? In this case, the hackers are demanding $5 million from EACH hospital that has been hacked. Is it money? Some other motivation? Why now? Once is happenstance. Twice is coincidence. Three times is enemy action. The question is: Who is the enemy? Are we at war? Is this China? Russia? Iran? Or is it the Democrats trying to sow confusion? All of those sound farfetched, but what events of the last two years haven’t seemed even more unlikely?
We have already seen a bioweapon unleashed on the world, only to find out that our own government not only knew about the virus, they instructed us on countermeasures that they KNEW were untrue, but also that the guy in charge of responding was part of the team that developed it, and that our own government sponsored it. Then a part of our government used it as cover to rig a national election. I don’t thing anything is impossible at this point.
13 Comments
Brian_E · June 7, 2021 at 7:32 am
When rule of law breaks down, expect more lawlessness. All ‘conspiracy’ theories aside, it could be just as simple as that.
Ransom ware is often paid off in Bitcoin, which is far less traceable than cash or even electronic funds transfers. When it’s a crime that can be perpetuated from half-way around the world, and we have a government that presents as weak (or even accommodating to crime), it’s entirely understandable what we’re seeing.
And until the adults are back in charge: expect more of this sort of thing, or worse. Unfortunately.
TechieDude · June 7, 2021 at 8:38 am
That happened to my Radiation Oncologist’s office, years ago. Luckily I was through treatment. I’ve also had it happen to customers. Neither paid. They simply rebuilt.
Fact of the matter is, people that know what they are doing with security are expensive. And a lot of these business architectures grow organically, with no one ever looking at the big picture and thinking of cohesive security. Sounds like your shop skimps on your crew, they are probably skimping elsewhere.
I worked as a network engineer at a medical lab. They had a ton of disparate systems, everything from windows, to unix, to tandems. They were interconnected to tons of doctor offices and hospitals. We had a nice budget one year to put it right, but then it evaporated when priorities changed. Luckily, I got the security architecture in place. You just weren’t going to touch the holy of holies from the interwebs or a partner shop.
Couple thoughts to scramble your noodles;
First, you can buy hacking as a service. So who did this physically may not be the people that are collecting, or even running the show.
Second, the systems were probably hacked some time ago, awaiting a trigger, or a buyer.
So there’s not some Simon-bar-Sinister here rubbing his hands waiting for loot. I’m sure these hacks are purposeful.
I can tell you where it probably started though. With a numbnuts. A gilligan. Threat numero uno to any network.
Hinson · June 7, 2021 at 9:29 am
sociable.co/technology/prepping-cyber-pandemic-cyber-polygon-stage-supply-chain-attack-simulation/
Probing attack?
Battlespace prep?
If you do click the link, watch the second video.
SiG · June 7, 2021 at 10:30 am
The question is: Who is the enemy? Are we at war? Is this China? Russia? Iran? Or is it the Democrats trying to sow confusion? All of those sound farfetched, but what events of the last two years haven’t seemed even more unlikely?
As much as I really don’t like quoting myself, it fits in perfectly with my scenario from Friday. It’s the Democrats, in particular the Democratic Socialists of America, the power behind the throne.
Start out with The thing nobody’s talking about is that both of these cyber attacks – an oil pipeline and a meat processing plant – are the targets of the Green New Deal. That is, targets of the American Left. Add to it total government takeover of health care which has been a main priority of the socialists since Lenin was in diapers.
To paraphrase and extend Jen Psaki, “these are all private sector entities, and if they can’t protect you, their customers, the Federal Government has to take them over to protect you.”
Anonymous · June 7, 2021 at 11:40 am
> the Federal Government has to take them over to protect you
Like they did with the Obamacare insurance web site? You should get a white van and paperwork to be self-employed doing home visits with seniors and taking their blood pressure. Then if you also have the skills to help with industrial accidents at home (fall from a roof repair) that would also be marketable. Probably get an x-ray machine from ebay.
> Who is the enemy?
Human nature is that our tribal instincts want the enemy to be an outsider. Many just won’t consider if the enemy could be an insider; that’s a religious article of faith.
> I don’t thing anything is impossible at this point.
Gary North said his high school teacher showed the class around 1955 that Social Security would go bankrupt around 2011. How many national mainstream voices understood that but have been carefully not talking about it? Did Ron Paul actually say to seniors, no, your retirement is toast due to the baby boom and it can’t be helped? Similar argument about the federal reserve’s actual rate of currency inflation, and what that does to retirement plans. Similar argument about the Bill of Rights meaning what it plainly reads to say.
joe · June 7, 2021 at 6:56 pm
pretty sure we are all old enough, seen enough (especially in the last 13 years) to know our gov is capable of anything, including destroying our own country…and the lives of it’s people…and not giving 2 fucks while doing it…
Guy · June 7, 2021 at 9:27 pm
This happened at the laboratory I work at last year. We were down 3 weeks and my story sounds the same as yours, at least as far as how miserable it was for us.
Once it’s back up… It’s almost worse because everyone thinks you should be back to business but you’re still trying to get everything sorted out in your backlog.
21stCenturyCassandra · June 8, 2021 at 5:32 pm
Your hospital EMR was hacked? Sounds like an EPIC failure.
Troy · June 9, 2021 at 2:22 am
Why do I think this is an epic dad pun that only you two will get? 🙂
Tom from east Tennessee · June 9, 2021 at 9:10 am
groan, but EPIC.
Divemedic · June 9, 2021 at 3:11 pm
It wasn’t EPIC. The EHR I was referring to was just given a huge windfall from the Biden admin.
Kid · June 9, 2021 at 9:50 am
How many people have figured this out…
Jonathan · June 13, 2021 at 8:57 am
hmm, good question…
I wonder one thing – how many medical recording systems are there? My understanding is very few.
If all of the affected medical facilities use the same system, it could have a fundamental flaw – like SCADA systems with hard coded passwords. Or the software company could have been compromised. My understanding is that this type of software is constantly connected to the maker for updates, troubleshooting, license verification, etc
I know that viruses, hacking, etc seems to go in waves; this could be one gang growing before it gets slapped down, or it could be a “new normal” to over use an already overused phrase.
As pointed out above, computer security has been getting poor for years, and as budgets get tighter and positions get harder to fill, it will only get worse…
Comments are closed.