A Baltimore hospital is the latest health care provider to fall victim to cyberattacks in the pandemic.
"The biggest trend you're watching is ransomware is just exploding."
Adm. Mike Rogers, the former head of the NSA and U.S. Cyber Command, says the tactics haven’t changed: Hackers still mainly use phishing emails to enter systems and hold data hostage until they get paid. But something has changed...
"Particularly hospitals associated with caring for COVID-19 patients, they cannot afford to shut down. They cannot afford disruption. And when faced with that, they might have a higher probability of saying, look, we have got to stay online, pay the ransom," Rogers said.
The Greater Baltimore Medical Center is one of the largest community hospitals in the mid-Atlantic. Their phones were down when Newsy called them days after the attack, with staff declining, by email, interview requests. A spokesperson later said he couldn’t give an exact timetable for when their systems would be restored but that it wouldn't be "in a day or two.”
"I think there's a special place in hell for people who hack hospitals," says Thomas Hottman, spokesperson for Sky Lakes Medical Center. "First you panic and then you get busy."
A hospital in an isolated part of Oregon, Sky Lakes describes an attack in October. It slowed down covid testing, but that was the least of it.
"The procedures that are most heartbreaking are patients who were receiving radiation treatment for cancer. Because that's all computer controlled and the computers were off, they had to be rescheduled at a facility a mountain range or more away," says Hottman.
Around that time, the Department of Homeland Security issued an alert warning health providers of increased cybercrime. And the first known ransomware-related death occurred, after an afflicted hospital in Germany had to turn away a woman needing urgent care.
"It took several days for us to get back into some semblance of normal," says Hottman. "Still some systems are slow to come back, so gradually plowing ahead and getting through what it is we have to do."
Cybersecurity firm CrowdStrike attributed the malware used on Sky Lakes Medical Center to a Russia-based criminal group called Wizard Spider. The Oregon hospital decided not to pay the ransom, instead choosing to replace more than 2,000 computers and nearly 600 servers.
"People are more inclined right now in this time of uncertainty to open attachments, for example, open images associated with COVID-19 because we're all trying to figure it out. Hackers, criminals, nation states, they all see those trends and they're all trying to take advantage of it," says Rogers.
Experts say the threat comes down to human vulnerability. At Sky Lakes, employees now have more digital safeguards... and some still resort to old-fashioned paper.