Tony Hsieh, Retired CEO of Zappos Passes Away; I was 46 years old

The New York Times

Vermont Hospital Patients Left Without Medical Records After Cyber ​​Attack

At lunchtime on October 28, Colleen Cargill was in the oncology unit at the University of Vermont Medical Center, preparing patients for their chemotherapy infusions. A new patient sometimes feels scared and cries, but the nurses try to make the situation cozy, offering them a mix of dried fruits and nuts, a warm blanket, a seat overlooking a garden. Then they work with extreme precision: they check platelet and white blood cell counts, measure all doses to one milligram per square foot of body area, before putting the person in a port and connecting them to an IV solution. However, that day Cargill had to double check. When he tried to enter his workstation, he was unable to do so. And it happened again. He resorted to the pneumatic tube system used to transport laboratory work. What he saw there was a red caution symbol, a circle with a cross. He walked to the security computer. It was also off. “I wasn’t scared, but then I noticed that my wireless phone wasn’t working,” he said. That was the beginning of the worst ten days of his career, he said. Cyber ​​attacks on U.S. healthcare systems have become something of a pandemic over the past year, as Russian cybercriminals have closed clinical trials and treatment studies for the coronavirus vaccine. They have also cut off hospitals’ access to patient records, in order to demand multi-million dollar ransoms for their return. To make matters worse, President Donald Trump complicated the response after the firing last week of Christopher Krebs, director of CISA, the cybersecurity agency responsible for defending critical systems from cyberattacks, including hospitals and elections, after Krebs question Trump’s unsubstantiated claims about voter fraud. The attacks have largely taken place in private, as hospitals rush to restore their systems – or pay the ransom discreetly – without revealing information that could compromise FBI investigations. Yet these have had a devastating and long-lasting effect, especially among cancer patients, workers and patients at Vermont’s largest medical system said. Its electronic medical record system was restored on Sunday, almost a month after the cyber attack. Meanwhile, doctors were forced to send hundreds of cancer patients elsewhere, said Olivia Thompson, a nurse at the cancer center. Staff resorted to written notes and faxes, as well as flipping through piles of paper to access vital information. They tried to reconstruct complex chemotherapy protocols using only their memory. And while the hospital has gone to great lengths to assure patients that most treatment could continue, some staff members worry that the full damage of the October attack was not well understood. “Recovering from something like this is going to take many months,” Thompson explained. “It is as if we are alone, and nobody understands the seriousness of the matter.” Elise Legere, a nurse at the cancer center, said she could compare the past few weeks to just one experience – working in a burn unit after the Boston Marathon bombing – and often wonders about the motivation for the cyber attack. “It’s like wondering what is the point of putting a bomb in an elementary school. What’s the point? ”He said. “There is a lot of evil in the world. Whoever orchestrated this attack knows well how devastating it is. ” ‘We hope there is panic’ The latest wave of attacks, affecting a dozen US hospitals, is believed to have been carried out by a particularly powerful group of Russian-speaking hackers who used data hijacking software via TrickBot, a Vast network of computers infected and used for cyberattacks, according to security researchers who are tracking the attacks. Hackers often work for profit. The FBI estimated that cybercriminals, using data-hijacking software called “Ryuk,” collected more than $ 61 million in ransoms over a 21-month period between 2018 and 2019, a record. The attacks slowed down last spring, when cybercriminals agreed among themselves not to hack hospitals amid the pandemic, according to security researchers. But just before the presidential elections, the groups resumed their attacks. “In the past, they targeted organizations around the world, but this time they targeted American hospitals very specifically,” said Alex Holden, CEO of Hold Security, a Milwaukee company. The FBI said it would not comment on the attacks in order not to affect current investigations. Holden and other cybersecurity experts said the targets and the timing of their occurrence, just weeks after the United States went after TrickBot, suggest that a possible motivation could be retaliation. In late September and October, fearing that cybercriminals could use data hijacking software to hamper the elections, the Pentagon’s Cyber ​​Command began hacking into TrickBot systems. Microsoft filed a lawsuit against the systems in federal court and successfully dismantled 94 percent of TrickBot’s servers. The takedowns turned TrickBot operators into “a wounded animal that fights back,” Holden said. His company captured online messages sent between the group, including a list of 400 US hospitals they planned to attack, and reported it to police. “We hope there is panic,” wrote one hacker, in Russian. US authorities warned hospitals of a “credible threat” of attacks on October 23, followed by an unusual series of attacks on hospitals. Several hospital networks – including the University of Vermont Health Network and the St. Lawrence County Health System in New York – claimed they received no ransom note. Others reported that the attackers were demanding “eight-figure ransoms, something regional health care systems cannot afford,” said Allan Liska, an analyst at Recorded Future, a cybersecurity firm. These unusual demands, along with the coordination of the attacks, make it “appear that this was a destabilizing attack” and not one for profit, he said. Holden said that many of the health systems chose to negotiate with their extortionists, even as ransoms run into the millions. “A large number of victims are dealing with these attacks on their own,” he added. The Inside Out In Vermont, the damage was carried out through an extensive network, hitting the cancer center especially hard. “I have very good friends from the intensive care unit who say, ‘It’s not that big of a problem, we just have to do paper records,’” said Cargill, the charge nurse. However, the cancer unit was severely delayed for weeks, and was only able to see one in four chemotherapy patients. Cargill spent the rest of the day turning away patients, an experience she cannot relate without bursting into tears, nearly a month later. In the days that followed, doctors tried to prioritize patients and recreate chemotherapy protocols using their memory, gradually aided by information from the backup records, said Legere, the unit’s nurse consultant. “They were trying to remember everything they knew about a patient, but none of that is accurate,” he said. “Our brains are not designed to be electronic medical records. That’s not safe, and we all know it. ” Patients, he said, “are very puzzled about when they will receive treatment,” and many cancer patients living in rural areas do not have the resources to drive four hours to Boston for treatment. “The Vermont situation seems intentional. It seems premeditated because it would cause a lot of panic, ”he said. “The federal and state response is what makes me feel very abandoned. Maybe there are things that I don’t see ”. Lawmakers have also accused the Trump administration of undermining the federal response. In an email to The New York Times, Senator Gary Peters, a Michigan Democrat and a member of the Homeland Security Committee, called Krebs’ firing by the president unacceptable, adding that it caused instability in his agency by trying to mitigate hospital attacks amid a growing pandemic. Administrators at the University of Vermont Health Network acknowledge that restoring services turned out to be much more difficult than they expected. “If you look at what other hospitals have been through, it was days, not weeks,” said Al Gobeille, executive vice president of system operations. “We thought that was what this would be. And we were wrong ”. He said that a large number of information technology professionals – 300 hospital employees, plus 10 members of the National Guard – were deployed to rebuild and clean 1,300 servers and 5,000 laptops and desktops. A team of seven FBI investigators was on the scene for two days after the blackout, he said, but has had little to no contact with administrators since then. With the restoration of the electronic patient record system, he said, the hospital’s systems have recovered between 75 and 80 percent. The motivation behind the attack is not yet clear. During a press conference last month, Stephen Leffler, president of the medical center, said he had not received any ransom demand. However, since then, at the request of the FBI, administrators have been careful not to discuss the ransom issue or confirm Leffler’s statement. This article originally appeared in The New York Times. © 2020 The New York Times Company

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.