[ad_1]
BURLINGTON, Vermont (AP) – Late in the morning on October 28, staff at the University of Vermont Medical Center noticed that the hospital’s phone system was not working.
Then the Internet went down, and the technical infrastructure of the Burlington-based center with it. Employees have lost access to databases, digital medical records, scheduling systems and other online tools they rely on for patient care.
Administrators have struggled to keep the hospital operational – canceling non-urgent appointments, reverting to paper-and-paper record keeping and redirecting some intensive care patients to nearby hospitals.
In its main lab, which performs around 8,000 tests a day, employees printed or wrote down the results by hand and passed them on to specialists across the facility. Obsolete and Internet-less technologies have experienced a revival.
“We went around and got all the fax machines we could,” said Al Gobeille, director of operations at UVM Medical Center.
The Vermont hospital had fallen prey to a cyberattack, becoming one of the most recent and visible examples of a wave of digital assaults holding U.S. healthcare providers hostage as cases of COVID-19 were spreading across the country.
On the same day as the UVM attack, the FBI and two federal agencies warned that cybercriminals were stepping up their efforts to steal data and disrupt services in the healthcare industry.
By targeting vendors with attacks that scramble and block data until victims pay a ransom, hackers can demand thousands or millions of dollars and wreak havoc until they get paid.
In September, for example, a ransomware attack crippled a chain of more than 250 US hospitals and clinics. The resulting outages delayed emergency room care and required staff to restore critical heart rate, blood pressure and oxygen level monitors with Ethernet cabling.
Weeks earlier, in Germany, the death of a woman became the first death believed to have resulted from a ransomware attack. Earlier in October, facilities in Oregon, New York, Michigan, Wisconsin and California were also plagued by suspected ransomware attacks.
Ransomware is also partly responsible for some of the roughly 700 private health information breaches, affecting an estimated 46.6 million people and currently under federal investigation. In the hands of a criminal, a single patient record – rich in details about a person’s finances, insurance, and medical history – can sell for up to $ 1,000 on the black market, experts say.
During 2020, many hospitals have postponed technology upgrades or cybersecurity training that would help protect them from the latest wave of attacks, healthcare security expert Nick Culbertson said.
“The amount of chaos that has just built up here is a real threat,” he said.
As COVID-19 infections and hospitalizations climb across the country, experts say health care providers are dangerously vulnerable to attacks on their ability to function effectively and manage limited resources.
Even a small technical disruption can quickly spill over to patient care when a center’s capacity is depleted, said Eric Johnson of Vanderbilt University, who studies the health impacts of cyber attacks.
“November has been a month of increasing demands on hospitals,” he said. “There is no room for error. From a hacker’s point of view, that’s perfect.”
A CALL TO ARMS FOR HOSPITALS
The day after the October 28 cyberattack, Joel Bedard, 53, of Jericho, arrived for a scheduled appointment at Burlington Hospital.
He was able to come in, he said, because his fluid drainage treatment isn’t high-tech, and it’s something he receives regularly while waiting for a liver transplant.
“I did it, they took care of me, but man, everything is down,” said Bedard. He said he had not seen any other patients that day. Much of the medical staff remained inactive, doing crossword puzzles and explaining that they were forced to document everything by hand.
“All the students and interns are like, ‘How did it work back then? “, He said.
Since the attack, the Burlington-based hospital network has referred all questions regarding its technical details to the FBI, which has refused to release any further information, citing an ongoing criminal investigation. Officials do not believe that a patient suffered immediate harm or that the patient’s personal information was compromised.
But more than a month later, the hospital is still recovering.
Some employees were put on leave for weeks before returning to their regular duties.
Oncologists could not access scans of older patients, which could help them, for example, compare the size of the tumor over time.
And, until recently, emergency room clinicians could take x-rays of fractured bones, but couldn’t send the images electronically to radiologists at other sites in the healthcare network.
“We didn’t even have the Internet,” said Dr. Kristen DeStigter, director of the radiology department at UVM Medical Center.
Soldiers from the State National Guard’s cyber unit helped hospital IT professionals scan the programming code of hundreds of computers and other devices, line by line, to clear any remaining malicious code that could re-infect the system. system. Many have been brought back online, but others have been completely replaced.
Colonel Christopher Evans said this was the first time the unit, founded about 20 years ago, has been called upon to accomplish what the guard calls a “real world” mission. “We have been training for this day for a very long time. time, ”he said.
It could be several weeks before all the related damage is repaired and the systems are functioning normally again, Gobeille said.
“I don’t want to spark people’s hope and be wrong,” he said. “Our people are working 24 hours a day, 7 days a week. They are getting closer and closer every day. “
It will be difficult for other healthcare providers to protect themselves against the growing threat of cyber attacks if they haven’t already, said data security expert Larry Ponemon.
“It’s not like hospital systems have to do something new,” he said. “They just need to do what they should be doing anyway.”
Current industry reports indicate that healthcare systems spend just 4% to 7% of their IT budget on cybersecurity, while other industries like banking or insurance spend three times as much.
Research by consulting firm Ponemon shows that only about 15% of healthcare organizations have adopted the technology, training and procedures necessary to manage and thwart the flow of cyber attacks that they regularly face.
“The others fly with their heads down. This number is unacceptable, ”Ponemon said. “It’s a pitiful rate.”
And that partly explains why cybercriminals have focused their attention on healthcare organizations – especially now, as hospitals across the country face a surge in COVID-19 patients, he said. declared.
“We are seeing real clinical impact,” said Dan L. Dodson, cybersecurity consultant for healthcare. “It’s a call to arms.”
___
Renault reported from New York.
___
The Associated Press’s Department of Health and Science receives support from the Department of Science Education at the Howard Hughes Medical Institute. The AP is solely responsible for all content.
[ad_2]
Source link