Cyber security concern in the health sector rises after a delay in treatment caused a death, followed by an investigation by legal authorities

We Never Thought It Would Lead to Death

Yes, the unexpected has happened: a female patient died as a result of a cyber security attack. A ransomware attack hit the IT systems of a hospital in Düsseldorf, Germany on September 9 this year. The emergency care systems were disrupted, preventing the hospital from providing the necessary care to its patients. The unfortunate woman had to be transferred to another hospital 30 km away, and this 1-hour delay caused her death. The attackers compromised the hospital's Citrix systems through a vulnerability that had been announced in December 2019. No one can doubt that such an attack threatened human lives. With this said, IT security is an urgent matter that needs to be addressed proactively.

Ransomware. Are You Serious?

So how did ransomware cause all this disruption? Ransomware is a form of malware that encrypts the files on a targeted system. The attacker then demands a ransom from the victim, promising to decrypt the files and restore access once it is paid. Having important files become inaccessible is devastating: it can damage a business or, as in this case, lead to a far more severe impact such as death.

Now, once the attacker has gained control and encrypted such confidential files, it is very hard to restore them and regain access unless the victim pays the ransom, and even then there is no guarantee that the attacker will decrypt the files after receiving the payment. So, how can you respond to ransomware without paying? Unless you have a backup of the files, it is nearly impossible to get them back.

How to Mitigate Proactively

It all starts with how the attacker infiltrated the hospital's network to deploy the malware and encrypt the files on the endpoint. Was it an unaware employee clicking a link to download a file? An email recipient opening a PDF attachment with malicious code embedded in it? Or was the hospital's security posture simply not set up to proactively prevent such an attack?

Well, whatever the cause of the infiltration was, it always comes back to the security configuration in place, which raises another set of questions:

  1. Were the security devices configured to block malicious websites? 
  2. Was the email security device configured to detect phishing emails?
  3. Was the proxy configured to block access to suspicious or non-business websites?

There are too many assumptions about what actually happened and how the attacker gained that access. It all comes down to one major point: misconfiguration, or in other words, not following security best practices and applicable regulations.

Each organization should follow a Minimum-Security Baseline mechanism, not only to satisfy international or local regulations, but also for every deployed device regardless of vendor. Octopus Security is the alarm system that alerts on such misconfigurations in real time, ensuring that an organization follows vendor best practices and keeps following them during operations, not only on the primary security devices but also on servers and network devices. Stay tuned for more information about Octopus VAR, a next-generation alarm system for IT security operations.