Cyber security expert calls ransomware attack on UMC a ‘national security issue’

0
Cyber security expert calls ransomware attack on UMC a ‘national security issue’

LUBBOCK, Texas (KCBD) – The University Medical Center Health System remains under attack Friday evening.

On Thursday, the hospital confirmed a ransomware attack led to an IT outage which forced the hospital to divert incoming emergency and non-emergency patients via ambulance to nearby health facilities.

PREVIOUS STORY: UMC Health System on local and regional diversion due to ransomware attack (kcbd.com)

“This is a national security issue,” said John Riggi, National Advisor for Cybersecurity and Risk at the American Hospital Association in Washington DC.

Prior to joining the AHA, Riggi spent nearly 30 years with the FBI.

“Little did I realize that all of that previous experience on counter intelligence, international organized crime, counter terrorism was all directly relevant to cyber because it was the same bad guys using cyber as their means to attack us,” Riggi said.

UMC is the only level 1 trauma center within 400 miles.

“When hospitals are attacked, lives are threatened,” Riggi said. “When you have the only level 1 trauma center in the region shut down by foreign bad guys, ambulances on diversion, the next level 1 trauma center I understand is hundreds of miles away, you are putting people’s lives in jeopardy,” Riggi said.

Riggi said ransomware attacks are primarily perpetrated by Russian organized crime gangs based in Russia or within the sphere of influence of the Russian government.

“Quite frankly, they are provided safe harbor by the Russian government to conduct these attacks against the United States’ critical infrastructure and against western nations,” Riggi said.

Riggi said the FBI’s authority and power is limited when the attacks are orchestrated overseas.

“We are also seeing the phenomenon now where Russian ransomware gangs may be colluding with other nation state actors such as the Iranians, based on the U.S. government’s alert that just came out two weeks ago where Russian criminal ransomware gang were in fact working with Iranian cyber intelligence actors to conduct attacks against the U.S.,” Riggi said.

Riggi said to successfully combat the rise in sophisticated cyber attacks, hospital systems will need assistance.

“No individual hospital, as good as they are, can defend against these very sophisticated nation state sponsored attacks,” Riggs said. “We need the federal government to go after these bad guys like we did in counter terrorism.”

Riggi said there are generally two phases of a ransomware attack. He said the first phase involves the infiltration into the network.

“There is a whole industry, particularly in Russia, around perpetrating these ransomware attacks. There might be some groups whose sole function is to identify potential victim organizations and gain access. Then that group sells access to another ransomware group who will penetrate and conduct the attack,” Riggi said.

“Then there is what we call ransomware as a service. We have ransomware developers who are selling their ransomware to other franchisees to conduct attacks and then they share the proceeds. Then there are organizations that launder the money,” Riggi said.

Riggi said generally, once the criminals penetrate the organization, the criminals will try to steal patient health information and hold that information back for ransom. They will also try to encrypt the hospital system’s networks and infrastructure to shut down medical technology systems.

Riggi said healthcare systems are constantly being targeted by foreign-based cyber criminals, but their defenses block the majority of those attacks.

At this time, the AHA is not aware of any other hospital targeted by a high impact ransomware attack similar to UMC.

UMC stated it has enlisted the help of third-parties that have assisted other hospitals address similar issues.

According to the UMC website, the hospital system does not have a timeline for the full restoration of services.

While Riggi cannot speak specifically to UMC incident, he said in general, it can take up to 30 days to restore systems targeted by high level ransomware attacks.

UMC is directing patients to this page of its website for updates.

According to the latest statement from UMC, its healthcare facilities, urgent care clinics and UMC physician clinics remain open. However, due to the incident, some departments and providers are diverting or are on downtime procedures.

UMC advises patients with specific questions about their treatment to contact one of the health system’s care sites (i.e. Clinic, Radiology, Outpatient Surgery, etc.) or their provider directly.

link

Leave a Reply

Your email address will not be published. Required fields are marked *