LUBBOCK, Texas (KCBD) – The University Medical Center Health System continued to be under attack Friday night.
The hospital acknowledged Thursday that a ransomware attack caused an IT outage that forced it to divert emergency and non-emergency patients arriving by ambulance to nearby medical facilities.
Previous article: UMC Health System (kcbd.com) on local and regional diversions due to ransomware attacks
“This is a national security issue,” said John Riggi, national advisor for cybersecurity and risk at the American Hospital Association in Washington, D.C.
Prior to joining AHA, Rigi worked for the FBI for nearly 30 years.
“Little did I know that my previous experience in counterintelligence, transnational organized crime, and counterterrorism would all be directly related to cyber, because the same bad guys use cyber as a means to attack us. Because it was,” Rigi said.
UMC is the only Level 1 trauma center within 400 miles.
“If a hospital is attacked, lives are threatened,” Rizzi said. “When the only Level 1 trauma center in the area is shut down by foreign bad guys and the ambulances are being repurposed, even though it’s my understanding that the next Level 1 trauma center is hundreds of miles away. , you’re putting people’s lives at risk,” Rigi said.
Rigi said ransomware attacks are primarily carried out by Russian organized crime groups based in Russia or within the Russian government’s sphere of influence.
“Frankly, they are being provided a safe haven by the Russian government to carry out attacks against critical U.S. infrastructure and against Western countries,” Riggi said.
Rigi said the FBI’s powers and authority are limited if the attack is organized overseas.
“Also, based on the U.S. government’s warning just two weeks ago that Russian ransomware criminal organizations are in fact collaborating with Iranian cyber actors, we are also aware that Russian ransomware organizations are collaborating with other nation-state actors such as Iran. “We are also now seeing a phenomenon where intelligence personnel may be colluding with the United States to carry out attacks against the United States,” Rigi said.
Riggi said hospital systems will need help to successfully deal with the increasing number of sophisticated cyberattacks.
“Individual hospitals, no matter how good they are, cannot defend against these highly sophisticated state-sponsored attacks,” Riggs said. “We need the federal government to hunt down these bad guys, just like we did in counterterrorism.”
Rigi said ransomware attacks typically have two stages. He said the first stage involves infiltrating the network.
“Especially in Russia, there is an entire industry trying to carry out these ransomware attacks. There may be several groups whose sole role is to identify and gain access to potential victim organizations. , that group then sells access to another ransomware group that infiltrates and carries out attacks,” Riggi said.
“And then there’s something called ransomware-as-a-service. There are ransomware developers who sell ransomware to other franchisees to conduct attacks and then split the proceeds. And then there are organizations that launder money. There are also,” Rizzi said.
Riggi said that typically when criminals infiltrate an organization, they will try to steal patient health information and hold that information for ransom. They will also seek to disrupt medical technology systems by encrypting hospital system networks and infrastructure.
Rigi said health systems continue to be targeted by foreign-based cybercriminals, but that their defenses are blocking the majority of these attacks.
At this time, AHA is not aware of any other hospitals that have been targeted by high-impact ransomware attacks similar to UMC.
UMC said it enlisted the help of a third party who has helped other hospitals deal with similar issues.
According to UMC’s website, the hospital system has no plans for a full restoration of service.
Riggi could not speak specifically about the UMC incident, but said that in general, systems targeted by high-level ransomware attacks can take up to 30 days to recover.
UMC directs patients to this page on its website for the latest information.
According to UMC’s latest statement, its medical facilities, urgent care clinics and UMC physician clinics remain open. However, some departments and providers have changed operations or implemented downtime procedures as a result of this incident.
UMC advises patients with specific questions about their treatment to contact one of the health system’s care facilities (e.g., clinic, radiology, outpatient surgery) or their health care provider directly.
Copyright 2024 KCBD. Unauthorized reproduction is prohibited.
