(844) 627-8267
(844) 627-8267

Black Basta Ascension Attack Redux — can Patients Die of Ransomware? | #ransomware | #cybercrime

16 days on, huge hospital system continues to be paralyzed by ransomware—and patient safety is at risk.

It’s been more than two weeks and Ascension Health is still suffering a crippling ransomware outage. It’s not getting any better and there’s no end in sight.

Meanwhile, patient outcomes are getting worse, say reports—thanks to paper-shuffling delays to care, dangerous errors and worrying omissions. An anonymous insider alleges an attack was bound to happen sooner or later, due to lack of investment.

Here we are again. In today’s SB Blogwatch, we ponder government intervention.

Your humble blog­watcher curated these bloggy bits for your enter­tain­ment. Not to mention: Wild knots (or not).

Inglorious Basta(rds)

What’s the craic? KUT’s Olivia Aldridge and Carmel Wroth report: How the Ascension cyberattack is disrupting care

Lack of safety checks
Hospital staff are forced to write notes by hand and deliver orders for tests and prescriptions in person in the ongoing fallout from a recent ransomware attack. … A lack of safety checks with these backup methods has introduced errors.

Ascension is one of the largest health systems in the United States, with some 140 hospitals. … Ascension has not yet confirmed whether patient data was compromised.

Some of Ascension’s electronic health records systems [are] affected, along with systems used to order … tests, procedures and medications. Some phone capabilities have also been offline, and patients have been unable to access portals used to view medical records and get in touch with their doctors. … Orders for medication, labs and imaging are being handwritten and then distributed by hand to various departments … and every task is taking longer to complete.

This does not sound good. The Gray Lady’s Reed Abelson adds: Cyberattack at Ascension Hospitals Persists

Hospital mortality rises
The dangers of missing pieces of a patient’s history are palpable. … Studies have shown that hospital mortality rises after [a] cyberattack.

Many of the routine safeguards have not been available. Nurses … have grown far less certain that doctors have received important updates of a patient’s status. … Patients have waited for long stints in emergency rooms, and their treatments have been delayed.

Ascension systems remain down indefinitely. [It] has not offered a timeline for restoration. … There are concerns that the hackers could release private medical information, and patients have already begun filing federal lawsuits against Ascension. …

Remind me: Who’s behind the attack? The Milwaukee Journal Sentinel’s Sarah Volpenhein obliges: What is Black Basta

The cyberattack … involved a type of ransomware called Black Basta. … In the days immediately following the Ascension hack, the FBI and other federal entities … issued a joint advisory, warning about Black Basta and providing instructions on how to protect against it and the group of cyber criminals known by the same name. … Health care organizations are attractive targets … because of their size, their heavy reliance on technology, their access to lots of personal health information and the unique impacts from patient care disruptions.

Black Basta reportedly raked in more than $100 million in bitcoin since it emerged in early 2022. … There is evidence to suggest Black Basta uses stolen credentials. … Once they’ve infiltrated a system, Black Basta hackers move about and explore the computer network, gaining higher-level access, to find and steal sensitive data. … They then use ransomware to lock their targets out of their systems.

They make it sound easy. EndlessNameless thinks the government should “fine them, heavily:”

Imagine having a network so poorly segmented that some random dunce can download malware that spreads to your billing, inventory, and records systems. I know “zero trust” is almost a management buzzword at this point, but we have the technology to prevent these kind of attacks from hitting critical infrastructure.

We should demand better.

In related news, U.S. HHS is investing $50 million in protecting hospitals. Cue much eyerolling from taylodl:

$50 million is a drop in the bucket.

Isn’t it past time we created national healthcare patient systems? We can nationalize the IT part, and according to all the debates we’ve had about national healthcare, that alone would save us billions of dollars every year.

But what could Ascension have done differently? This Anonymous Coward alleges an allegation:

I happen to know that Ascension Health Care had Windows 2012 servers (out of support, and thus unpatched, for over a year) still in production as recently as April. So as much as I despise the attackers, it’s like walking around with big denomination bills hanging out of your pocket and being shocked you were mugged. … The C-levels who implement policies that enable and encourage cyber attacks should be fed through the same meat grinder (slowly) as the attackers.

They have a lot of poorly managed and redundant systems — they’ve been particularly bad about actually consolidating their IT operations among all their acquisitions, they just keep running systems in parallel. [It’s a] mess of a company, created by combining multiple poorly run companies into a big poorly run company. Nothing surprising about this attack.

Is that entirely fair? BlackJack101 waxes sympathetic:

Where is this infinite well of A class security professionals who are available to secure every facet of an organization’s people, processes, supply chain, etc. that can stand up to determined and or govt sponsored hackers? My hat is off to my former colleagues in corporate IT that are trying their best to mitigate these occurrences given the real world constraints that we are all subject to.

However, DickeyFuller isn’t so charitable:

Maybe if the senior management weren’t all making $1,000,000 / year they could afford to buy [a] backup system and a proper CISO. While we’re at it, how is it that a CEO making that kind of salary still has their job after a major operational failure like this?

Yet they’re still accepting emergency patients, rather than divert ambulances to competing hospitals. u/Objective-Cap597 has first hand experience:

It’s incredibly negligent that not all of their hospitals are on diversion. The one I work at has not been … and it was so overwhelming, dangerous, and an avoidable contributor to poor patient outcomes. … Labs get lost and need to be redrawn, sometimes taking 6-10 hours, images take over a shift to get back and you can’t see the images yourself.

The ambulances bring in the really sick folk. … Even if you want to prioritize them you can’t because the system is nonfunctional. … Things are so much slower and mistake prone. Can’t put in orders, can’t add orders, can’t communicate results, everything is brought over bit by bit on a fax machine. There is no way bad outcomes haven’t happened and won’t continue to happen because of this. … The fact that they haven’t put some of these hospitals on diversion means they don’t give a damn about our license or the safety of patients.

Meanwhile, Local ID10T takes no prisoners:

Kinetic response required: These types of attacks deserve to be treated as a terrorist attack.

And Finally:

Infinitely tangled knots and such

Previously in And Finally

You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past per­formance is no guar­antee of future results. Do not stare into laser with re­maining eye. E&OE. 30.

Image source: ClearMaxim (cc:by; leveled and cropped)

Recent Articles By Author

Source link


National Cyber Security