Ransomware was a Big Issue Last Year

At the University of Vermont Medical Center in October, a cyberattack knocked out 5,000 computers on the hospital's IT network, disrupting everything from its financial systems to its radiology services and sleep studies. Patient care was at a halt and the outage lasted for weeks.

"We really did not anticipate the scope or the impact the attack had on our system and how far-reaching it was," the organization's president, Dr. Stephen Leffler, told reporters at a December news conference. Staff at the facility had been trained to handle outages of 3 to 5 days at most. What hit UVM Medical Center was far worse: "Thirty days of downtime, going across all systems, was a true challenge for our staff, it was a challenge for our patients."

UVM Medical Center is one of many health care facilities in the middle of a global pandemic, no less to fall victim to ransomware, an increasingly common form of malicious software that criminals use to seize control of computers and often refuse to unlock until the victim pays a fee.

In fact, health care providers were among the most popular targets for ransomware last year, according to new research by the cybersecurity firm Emsisoft. Emsisoft's review which is based on public announcements, local media reports, and information leaked by hackers on the web provides the clearest picture yet of the growing threat ransomware poses to the country.

The company's list shows that as many as 560 health care facilities, 1,681 schools, and 113 government agencies at every conceivable level were held hostage by ransomware in the United States last year. The software encrypted computers and other devices so that they couldn't be used, and in many cases, the hackers would not only lock up the data, but would also steal it.

The attackers didn't discriminate. They struck from coast to coast, targeting victims in California, Kentucky, Nebraska, Pennsylvania, and Virginia along with many other states. Some like the University of California, San Francisco agreed to pay off their attackers, to the tune of more than $1 million, even as security experts pleaded with victims not to give in for fear of encouraging more attacks. The epidemic of ransomware couldn't have come at a worse time. Education and health care workers were already struggling to adapt to quarantines and lockdowns, as well as an explosion of COVID infections that threatened to break the nation's medical system. Both sectors had also increasingly turned to technology to provide remote learning and health care, in a move that some cybersecurity experts warned early on could lead to new risks and points of failure. As late as December, UVM Medical Center was still limping along at 70% capacity, restoring systems one by one. In a press conference posted to YouTube, Leffler said the true impact of the attack wouldn't be known for months but that it had already cost the medical center $1.5 million a day in lost revenue alone. In the case of victims who refuse to pay up, ransomware attackers have been known to release internal files they've stolen. These dumps have contained everything from arrest records to the financial details of city governments. Why publish these data troves? Often, they serve as leverage for cyber criminals to extract more money from helpless targets, said Brett Callow, an Emsisoft threat analyst. "Like any legitimate business, attacking health and education sectors has proved to be profitable," he said. "They may also be softer targets. In the case of health care, they have unusually large attack surfaces spanning various networks and medical devices." In a blog post, Emsisoft said the breaches don't just represent a momentary inconvenience. The loss of data could come back to haunt many institutions, governments and perhaps consumers for years. "It is also entirely possible probable, even that data was sold to companies' competitors or passed to other governments," the company said. "Today's incidents represent a risk to national security, election security, economic security, individuals' privacy, health, and safety. It is, therefore, critical that solutions are found." In July, the Department of Homeland Security, along with state officials, issued a warning urging leaders in the private sector to safeguard their systems. Create offline backups of critical files, they said, and ensure all systems remain patched and up to date. Don't allow staffers to click on what may be malicious links or attachments in emails. In September, DHS's Cybersecurity and Infrastructure Security Agency released a 16-page official guide to ransomware, reflecting the gravity of the threat. The following month, the Treasury Department took its boldest step yet against ransomware, warning that those who pay hacker ransoms and even those who help victims pay up such as lawyers, insurance companies, or consultants could be held liable if the payments end up going to a country that is under U.S. sanctions. Despite U.S. officials' efforts over the course of the year to raise the alarm, incidents of ransomware continued to pile up, culminating in two attacks that grabbed national headlines: A breach affecting United Health Services, one of the nation's biggest hospital networks, and one against Tyler Technologies, a software vendor serving many state and local governments. The attacks came ahead of the presidential election, when some cybersecurity experts worried about the potential for ransomware to cause chaos and confusion around election results. One Georgia county acknowledged in October that its election infrastructure, including a voting precinct map and a voter signature database had been temporarily disabled by ransomware. "2020, without a doubt, was the worst year for every chief information officer, and it is absolutely driven by ransomware," said Kevin Mandia, the CEO of Mandiant, a top cybersecurity firm, at a recent event held by the Aspen Institute. As the year wound to a close, officials at UVM Medical Center expressed disbelief at the amount of damage a single attack could cause. It's an experience that an alarming number of institutions can now say they share. "If you'd told me [that] more than a month later, we'd still have functions that weren't normal, I would have bet you that you'd be wrong," Leffler said at the press conference. Luckily, UVM Medical Center was never confronted with a monetary demand, so it never paid a ransom. "Our IT staff did find a note, which did not request money, but included instructions to contact the criminals responsible for the attack," said Mackin. "UVM Health Network leaders did not follow those instructions and instead contacted the FBI."

At Dallas Network Services, we work with a large variety of businesses based in Dallas and Fort Worth (DFW) and the surrounding area such as Addison, Plano, Carrollton, Denton, Richardson, Garland and beyond. We also extend our reach outside the area to include all Texas and other states. We provide on premise server support including Microsoft Exchange as well as Cloud computing services and hosted solutions. We specialize project services, network support, desktop support and voice over IP (VoIP) business phones. Our fully managed IT services will improve your business reliability as well as your bottom line. Contact us today at www.dallasnetworkservices.com chat or call 214-696-6630. #DNS#dallasnetworkservices#techsupport#hacker#cybersecurity#MSP