Massive ransomware cyberattack in U.K. Hits 16 Health Institutions, many doctors reported that they could not retrieve their patients’ files, but not to worry - no patient information was looked at or compromised

Perhaps doctors and nurses are clairvoyant?  Who needs records, anyway?

Cyberattack in U.K. Hits 16 Health Institutions
New York Times 
DAN BILEFSKY and RAPHAEL MINDER 
MAY 12, 2017
https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html 

LONDON — An extensive cyberattack hit Britain’s National Health Service on Friday, blocking doctors from gaining access to patient files, causing emergency rooms to divert patients and stoking fears about hackers’ ability to wreak havoc on vital public services.

Spanish and Portuguese companies, including Telefónica, Spain’s largest telecom operator, experienced a similar attack on Friday, and there were reports of so-called ransomware attacks in a number of countries, including Italy and Ukraine. It was not immediately clear if the attacks were coordinated or related.

The attack on the National Health Service seemed the most serious, since it had life-or-death implications for hospitals and ambulance services. Reuters reported that employees had been warned about the ransomware threat earlier on Friday.

Tom Donnelly, a spokesman for N.H.S. Digital, the arm of the health service that handles technology, said in a phone interview that 16 organizations, including “hospitals and other kinds of clinician services,” had been hit by a cyberattack.

“It is still ongoing,” he said. “We were made aware of it this afternoon.”

It is becoming clear that dependence on networked information technology to deliver patient care is a risky dependency indeed; far riskier than utopian health IT hyper-enthusiasts imagined (or cared to imagine).

The service’s digital arm said in a statement that the attack involved a variant of ransomware known as Wanna Decryptor.

Ransomware is a form of malware that encrypts data and locks out the user. The user is then asked to pay a ransom to unblock the computer. It has become an increasingly prevalent problem. Last year, a Los Angeles hospital paid $17,000 after such an attack; earlier this year, hackers shut down the electronic key system at a hotel in Austria.

On social media, several images circulated showing computer screens bearing a message that the user could not enter without first paying a $300 ransom in Bitcoin. Many doctors reported that they could not retrieve their patients’ files.

Paper, and non-networked information technology, does not have this en masse vulnerability and drawback.

N.H.S. Digital added, “At this stage we do not have any evidence that patient data has been accessed.”

As I have observed in other posts in the category of http://hcrenewal.blogspot.com/search/label/no%20information%20was%20looked%20at%20or%20compromised and http://hcrenewal.blogspot.com/search/label/Patient%20care%20has%20not%20been%20compromised:

The thieves and cybercriminals who stage these attacks are always "honest thieves."

In a pig's eye.

It said that the N.H.S. did not appear to have been the target of the attack.

... As of 3:30 p.m., 16 organizations within N.H.S. England had reported being affected, the statement said. (It did not immediately appear that the N.H.S. systems in Scotland, Wales or Northern Ireland had been hit.)

According to the BBC, hospitals in the cities of London and Nottingham, the town of Blackburn, and the counties of Cumbria and Hertfordshire had been affected.

If NHS was "not a target of the attack", then who else besides NHS was affected, I wonder?  And why were life-critical resources such as hospitals able to be penetrated at all?  These attacks have been ongoing for years now.  The security of hospitals needs to be a top priority.

In the northwestern seaside town of Blackpool, doctors had resorted to pen and paper, with phone and computer systems having shut down, according to the local newspaper, The Blackpool Gazette.

Billions of dollars were spent on now-useless computers, but fortunately, pen and paper still works.  There is clearly a lesson in that.
 

A bit to the south, in the seaside town of Southport, images on Twitter showed ambulances backed up outside the town’s hospital.

In Stevenage, a town in Hertfordshire, north of London, the health service postponed all non-urgent activity and asked people not to come to the accident and emergencies ward at the Lister Hospital.

Patient safety is clearly being compromised.  Hopefully I will not see the common bureaucratic boilerplate that it was not.  

... Spain’s national cryptology center said it was dealing with “a massive ransomware attack” affecting Windows systems used by various organizations, without naming them.

Later on Friday, Portugal reported a similar attack. Carlos Cabreiro, the director of a police unit that fights cybercrime, told the newspaper Público that the country was facing “computer attacks on a large scale against different Portuguese companies, especially communication operators.”

I reiterate a triad I learned from Unix elders several decades ago now:

• If you want information to be secure, do not put it on a computer. 

• If you have to put the information on a computer, do not put the computer on a network.

• If you have to put the computer on a network, do not expect the information to remain secure.

The hyper-enthusiasm phenomenon for mass health IT needs to adapt to the real-world risks, but instead seems mired in utopianism to the point where patient safety is being compromised.

Slowing down and/or rethinking care dependencies and security never seem to be an option.

-- SS

5/12/17 Addendum:

A colleague called my attention to this: 

Cyberattacks in 12 Nations Said to Use Leaked N.S.A. Hacking Tool
New York Times, May 12, 2017
https://www.nytimes.com/2017/05/12/world/europe/uk-national-health-service-cyberattack.html 

LONDON — An extensive cyberattack struck computers across a wide swath of Europe and Asia on Friday, and strained the public health system in Britain, where doctors were blocked from patient files and emergency rooms were forced to divert patients.

The attack involved ransomware, a kind of malware that encrypts data and locks out the user. According to security experts, it exploited a vulnerability that was discovered and developed by the National Security Agency.

The key passage is this:

The hacking tool was leaked by a group calling itself the Shadow Brokers, which has been dumping stolen N.S.A. hacking tools online beginning last year. Microsoft rolled out a patch for the vulnerability last March, but hackers took advantage of the fact that vulnerable targets — particularly hospitals — had yet to update their systems.

Hospitals, as I've written, are often an IT backwater.

Here is information on the attack vector:

The malware was circulated by email; targets were sent an encrypted, compressed file that, once loaded, allowed the ransomware to infiltrate its targets.

Reuters reported that employees of Britain’s National Health Service were warned about the ransomware threat earlier on Friday.

By then, it was already too late. As the disruptions rippled through hospitals, doctors’ offices and ambulance companies across Britain on Friday, the health service declared the attack as a “major incident,” a warning that local health services could be overwhelmed by patients.

Terrible.

-- SS