Navajo Nation Hospital Targeted By Large-Scale Ransomware Hack (nbcnews.com)
An anonymous reader shares a report: When Rehoboth McKinley Christian Health Care Services in Gallup, New Mexico, was hit with a cyberattack earlier this year, the hospital's staff had to revert to pen and paper to keep things running. Publicly available details about the hack are scarce, and the hospital has declined to comment beyond confirming that the security breach briefly forced its staff off its computers. But sensitive employee files posted online by a hacker group known for ransomware attacks and seen by NBC News indicated just how deep an attack the hospital had suffered: files on everything from job applications and background checks to staff injury reports.
Ransomware attacks, in which hackers gain access to a private system to hold it hostage for payment, have been a problem for businesses for more than three years. Some hospitals have poor cybersecurity, and unscrupulous gangs see them as potentially flush with cash and easily coerced with the threat of leaked patient data. Last year, at least 560 health care facilities were infected with ransomware, according to a survey from the cybersecurity company Emsisoft. In October, amid a particularly brutal wave of attacks, several federal agencies issued warnings of "an increased and imminent cybercrime threat" to hospitals. An advisory from the American Hospital Association laid out how the Covid-19 pandemic had encouraged cybercriminals "to exploit, victimize and profit" from ransomware attacks.
Re: (Score:1)
Projectionware Attack
Some people do not the smart (Score:2)
It is time to take back our country from irrationality.
These scum need to be ended (Score:5, Insightful)
only go after hospital billing and wipe the DB (Score:2)
only go after hospital billing and wipe the DB or better wipe out the 3rd party middle man only
Re: (Score:2)
Because everybody knows that hospitals don't need revenues to operate.
Re: (Score:2)
and the ER must cover you even if you can't pay
Going after Navajo Nation (Score:2)
is certainly not "punching up"?
Re: (Score:2)
A dude is fed up with having birds shit on his car. So he dumps a huge pile of bread in a nearby parking lot. The birds get lured to the parking lot. They shit all over other cars and also have many, many babies. Some of the cars are so covered in shit that they get into wrecks.
The moral of the story is you should punch the guy who gave a bunch of bread to shitbags instead of simply covering his goddamn car properly.
Re: (Score:2)
At some point these vermin will be directly responsible for someone dying. I sincerely hope they are caught and charged with premeditated murder.
There is no information indicating that they knew they were targeting a hospital. Also, murder in the first degree would be a huuuge stretch. Realistically, you would be lucky to get the charge of involuntary manslaughter to stick.
Re: (Score:2)
Seems very unlikely when you consider that they rarely face charges.
Re: (Score:3)
At some point these vermin will be directly responsible for someone dying. I sincerely hope they are caught and charged with premeditated murder. As they deserve.
Yes, that's the nerve they are approaching.
Financial crimes across the globe are a dime a dozen. People have identities and bank accounts stolen every day. Insurance systems are set up for it. While some nations will have extradition, investigators won't do much work until losses are in the billions.
But start mucking around with hospitals, especially if someone dies, and you're getting into things people care about. Not only do they have strong emotional pull for investigators, but with the population an
These circles need to be ended (Score:2)
Crypto a bank, or large business and I will just shrug, and figure they probably had it coming.
Says the person who doesn't have an account with that bank, or do business with that company. Why do people who always start a sentence with "not my problem" always find out it eventually gets around to being their problem? At what point do people realize ransomware isn't going to stop at those things they don't like or are apathetic to, and move on to those things they do care about?
Incremental backup and restore... (Score:2)
Incremental backup and restore, at the hardware level so nobody can mess with it. How hard can it be? Rhetorical question of course. It can be hard, and the market has to demand it. For now we've got vulnerable software solutions for this problem, and any backup is only as good as a restore test--which is the really hard part of knowing you have a good backup in place.
Re: (Score:2)
Still have to make Torvalds happy about ZFS.
https://itsfoss.com/linus-torv... [itsfoss.com]
Re: (Score:2)
Even better, a copy on write filesystem. The old version of everything is still there so you don't even have to wait to find and restore a backup. You just revert to the last good snapshot.
Re: (Score:2)
I've mentioned this to them, w
Going after the Navajo Nation (Score:2)
Ransomware attacks should be considered terrorism. (Score:2)
Ransomware attacks should be considered terrorism and acts of war. In war it's legitimate for the state to kill enemy civilian personnel (in WWII the British, for example, bombed more than one Gestapo HQ) and it should be legitimate to kill computer terrorists without warning.
Law should not be a suicide pact and it should be understood law is not a panacea (which is why we have wars when law fails). Computer terrorism is an act of war. Start killing and get good at it or the problem will only escalate even
How do hospitals get away with poor security? (Score:2)
There is an easy fix. Hospitals have to be accredited by the State. The States can thus require hospitals (and large provider organizations) to follow CIS hardening guidelines and be fully HIPAA and PCI compliant if they want to see patients,
The Answer? (Score:2)
Every time a ransomware group demands money, that money should be paid--into a hit contract on the ransomware group.
Why pay millions to a ransomware group with an iffy history of actually fixing your stuff, when you can pay 3 million to some psychopath to bring you the information you need AND their head?