By KIM BELLARD
One of the redeeming aspects of crises is that, amidst all the confusion, suffering, and loss, there are usually moments of grace, of humans showing their best nature. With COVID-19, we’ve seen health care workers working long hours in dangerous conditions. We’ve seen other essential workers — including not just first responders but also grocery workers, meatpackers, trash collectors, and countless others — putting their own safety at risk so that our lives can go on. There are heroes all around.
Unfortunately, crises also tend to bring out the worst of our natures. With the pandemic, those trillions of dollars in play have brought out not just those seeking to profit, but also those looking to profit by breaking the law. We’ve seen people stealing or counterfeiting stimulus payments, defrauding COVID unemployment payments, getting fraudulent PPP loans, and stealing PPE.
And then there are the cyberattacks.
Last week the federal Cybersecurity & Infrastructure Security Agency, the FBI, and HHS issued a joint alert Ransomware Activity Targeting the Healthcare and Public Health Sector, warning that they have “credible information of an increased and imminent cybercrime threat to U.S. hospitals and healthcare providers.” I’ll spare you the technical details of the expected attack strategies or suggested mitigation efforts, but I will note that they warned: “CISA, FBI, and HHS do not recommend paying ransom.”
Hospitals could ask Universal Health Services (UHS) about that. UHS took some three weeks to resume “normal services” after a ransomware attack that hit their 250 U.S. hospitals in late September. UHS claims that “While our information technology applications were offline, patient care was delivered safely and effectively at our facilities across the country utilizing established back-up processes, including offline documentation methods.” E.g., paper records.
Or they could ask the family of the woman in Germany who died as the result of having to be diverted to another city for her medical emergency because the closer facility had suffered a ransomware attack. One suspects there may have been other deaths, and other adverse outcomes, due to cyberattacks, and that we can expect there to be more.Continue reading…