Horror stories: When cybercriminals attack hospitals

With the recent wave of cyberattacks on healthcare systems, let’s take time to talk about the consequences of such attacks. Below are some horror stories of cyberattacks on healthcare systems and the ramifications of these attacks.

1. The black market for X-rays. Due to numerous security holes, many hospital devices are not connected to the internet for protection. Beth Israel Deaconess took this sensible approach with a computer storing their medical records. However, a serious problem occurred when the system was due for a firmware update. The manufacturer sent a technician to do the job. Unknowingly, the technician connected the device to the internet to do the update, then left for lunch. When he came back to the computer, it was so packed with malware that it was no longer functional. It turns out that someone from China had downloaded about 2,000 patient X-rays. Apparently, there is a huge black market for clean X-ray images. Chinese nationals can’t get visas to leave the country because they have infectious lung diseases, like tuberculosis. This means a clean X-ray image is an extremely valuable commodity.

2. Massive Online Traffic Jam. Back in 2014, Boston Children’s Hospital was involved in a highly publicized lawsuit involving the psychological treatment of a teenage girl. Unfortunately for the hospital, the hacktivist group Anonymous decided to punish the hospital. Anonymous used a distributed denial-of-service (DDoS) attack, jamming the hospital’s servers with so much traffic that they had to be shut down. The attack was so widespread that it affected the entire IP range of Children’s, which included Harvard University and all of its hospitals. Overnight, Children’s had to outsource the Harvard network to a company to handle the overload.

3. Faking out the doctors. Doctors at Mass General Hospital were sent an email with instructions to go to the hospital’s payroll portal, where they could enter payroll information to collect a bonus. The only problem was that the portal was completely fake. Once the doctors entered their financial information, the hackers used it to change the direct deposit destination to their own banks. The result was lots of purchases from Amazon, and Mass General Hospital was forced to change how it pays its doctors.

4. The lure of Angry Birds. A nurse at Beth Israel Deaconess was looking for a little harmless fun. She decided to download the Angry Birds game to her Android phone. Unfortunately for her, the website that she downloaded the game from was from Bulgaria. The site had embedded malware in the game. When she used the phone to access her work e-mail, the malware recorded the login credentials and used them to send out a massive spam campaign (over 1 million emails sent) from harvard.edu. It was so bad that Verizon had to block Harvard as a spammer.

5. Pay up or else. Ransomware has been on the rise lately, and healthcare systems have become prime targets for these types of attacks. As an example, we wrote about the case of Hollywood Presbyterian Center, where hackers held the entire hospital IT system hostage until they got paid, which the hospital reluctantly did.

Considering all the pain points within a healthcare IT system and how undermanned most hospital systems are, expect more of these stories to occur.

About Paubox: Paubox is a provider of seamless encrypted HIPAA compliant email. 

 

About the author

Phuong Tran

Phuong Tran is a Carnegie Mellon University-Heinz College graduate with a degree in healthcare policy and management. In his spare time he enjoys discovering new restaurants and playing basketball.
