You have to be pretty evil to attack hospitals
At least the Russian and Iranian operatives attempting to influence public opinion in advance of the election have ideological goals. Not so with a more dangerous class of hackers — freelancers willing to kill for money.
Federal officials warned last week of a new wave of online extortion attempts directed at hospitals and other health care facilities.
They already targeted two networks in the North Country last week: the St. Lawrence Health System, with hospitals in Canton-Potsdam, Gouverneur and Massena, and the University of Vermont Health Network, which in New York includes the hospitals in Plattsburgh, Malone, Elizabethtown and Ticonderoga.
Their technique is simplicity itself: Hack into a hospital’s main computer, take control of it, then inform management that unless a “ransom” fee is paid, the computer will be shut down or crippled.
Because we use technology to control so many things these days, including critical health care equipment, such action can be life-threatening. Just think for a moment of what could happen if, in the middle of an operation, surgeons suddenly found the electricity cut off. Even access to computerized medical records can be a matter of life and death.
Don’t doubt that the criminal hackers can — and will — do it. In September a ransomware assault nearly crippled about 250 health care facilities run by Universal Health Services. According to the Associated Press, that forced “doctors and nurses to rely on paper and pencil for record-keeping and slowing lab work. Employees described chaotic conditions impeding patient care, including mounting emergency room waits and the failure of wireless vital-signs monitoring equipment.”
In July, a similar malware cyberattack forced Watertown’s Samaritan Medical Center to take all its computers offline July 25. They weren’t fully restored until the first week of October — more than 10 weeks later. A silver lining is that Samaritan said no patient or employee data was accessed or acquired — that it knows of, at least.
Such an attack is dangerous at any time. Now, with some hospitals dealing with a new surge of COVID-19 patients, a ransomware assault could kill.
But the evildoers don’t care. In fact, the more dangerous their schemes, the more likely they are to be paid the money they demand.
Some means of deterring them has to be found. Given the difficulty in identifying the culprits, much less bringing them to justice, no effective enforcement mechanism has been found.
In concert with other countries — including those such as Russia and Iran where cyberwarfare already is being employed to influence our voters — a means of stopping the criminal element needs to be devised. The stakes are high enough that any nation refusing to cooperate ought to be considered to be in league with murderous cyberterrorists.
Whomever wins the election on Tuesday should consider such an international coalition against cybercrime to be a priority. Something needs to be done before the hackers perpetrate a real massacre.