The ransomware attack on Ascension Hospital system continues to hold some services hostage | #ransomware | #cybercrime

A report from the U.S. Department of Health and Human Services sited over 460 ransomware incidents on US healthcare in 2023.

To find out why, WMUK asked Alan Rea, a professor of information systems and the co-director of cybersecurity programs at Western Michigan University.

“Healthcare systems are a big target for ransomware groups because the payoff is so great,’ Rea said.

But he warned organizations that paying the ransom doesn’t necessarily mean the computers are unlocked, the data is returned and the crises is over.

“An organization has to realize though that even with the payoff, there’s absolutely no guarantees that a ransomware group won’t still, you know, release some information.”

Rea said the ransomware gang taking credit for the hack is called Black Basta. CNN was one of the first news sites to report that link on May 10.

Rea said Black Basta is known as a “ransomware-as-a-service provider” who may have been hired for a cut of the profits to target the Ascension Healthcare System of 140 hospitals in 19 states.

Rea also warned that these cybercriminals typically set a deadline for pay off. And for Ascension, that deadline is fast approaching.

“Pretty much they’ve been following a timeline, and if they’re not paid off within 10 or 12 days, they usually start releasing information.”

Meanwhile, Ascension hired cybersecurity experts and notified federal authorities to investigate the attack and get services back online as soon as possible.

Ascension Borgess Hospital in Kalamazoo

The non-profit is updating its website regularly, where it
reassures patients they are the first priority and that all “Michigan hospitals, physician offices, and care sites across the state remain open and operational.”

On Wednesday there was new information on the Michigan regional update. Previously, it recommended patients needing prescriptions filled, should bring bottles from a previous refill to the pharmacy.

Now the website says “Ascension Rx retail pharmacies in Michigan cannot fill prescriptions.” Patients are advised to have the doctor send it to another pharmacy.

Off the record, personnel at Ascension Borgess in Kalamazoo said they are working overtime to protect patients and provide care since losing access to electronic patient records last week. They said the hospital needs a better contingency plan.

As far as contingency plans, Ascension Borgess referred WMUK to the Cybersecurity Event Update on its website where there’s an explanation of the “downtime procedures” currently in effect.

 While Ascension is just the latest healthcare provider crippled by a ransomware attack, Alan Rea said the industry has been working on better contingency plans. He said there needs to be set standards, but added, “I just think they’re in catch up mode.”

As far as the average person is concerned, there is something you can do to help before the next healthcare system goes down.

Rea recommended that everyone should follow the “3-2-1 rule” he teaches students.

“Three backups of your data. Right? On two different types of media and at least one offsite.”

For example, you could backup important medical information on your computer, on an external hard drive or a thumb drive, and then print a copy to keep in a file. But whatever you do, don’t store all three in the same place.

Having your medical information handy and updated will help medical personnel because the next ransomware attack could be in your hospital system.

Source link


National Cyber Security