Over 150 Total Lots Up For Auction at One Location - CA 05/31

What the NotPetya malware strike showed the healthcare industry

by Thomas Dworetzky, Contributing Reporter | November 07, 2019
Cyber Security
Slate has just excerpted “Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin’s Most Dangerous Hackers,” by Andy Greenberg, out now from Doubleday, recounting the worst malware strike to date.

When Russian hackers launched the NotPetya attack against the Ukraine on June 27, 2017 things got global, fast.

That strike may have been part of a long-standing regional conflict, but it quickly spread, laying waste to servers throughout the world and across all business sectors — including those related to healthcare.

Here are a few of the main takeaways from the excerpt:

There are no borders
The Russian military intelligence hacker group known as Sandworm targeted the Ukraine, but within just hours the malware spread via the Internet. For those in cybersecurity, the clear implication is that the global is local, and that 360-degree awareness of potential threats is needed at all times.

“Maersk, the world’s largest shipping firm, lost $300 million. FedEx lost $400 million. Drug maker Merck would eventually tally its losses at $870 million. In total, NotPetya would be responsible for $10 billion in damage,” according to the excerpt.

The speed of these attacks is almost unimaginable: An IT expert at Merck, for instance, told Greenberg that “the company had lost 15,000 Windows machines to NotPetya in 90 seconds.”

Healthcare IT vulnerabilities are about way more than financial losses or business delays
Bad as such losses were, the excerpt noted that “there was a less quantifiable element of the malware’s damage: its effects on hospitals, and the lives of the humans inside of them.”

The use of software and companies with servers positioned around the globe increases risks
The malware struck, for example, Sutter Health, with 24 hospitals and clinics. Jacki Monson, Sutter's chief privacy and information security officer, was alerted and determined that the malware had not hit its servers directly, but it knocked out popular transcription service Nuance, which has servers and offices in 70 locations around the globe.

“Nuance’s transcription service for electronic medical records, aided by the company’s team of human transcriptionists, was used by hundreds of hospitals and thousands of clinics around the world. And that’s where the real toll of its outage would be felt,” according to the excerpt.

Sutter switched to a Nuance competitor but that took two weeks. “Within just 24 hours, Sutter was facing a backlog of 1.4 million changes to patients’ records,” the book recounted — noting that these changes by doctors had major health implications.

You Must Be Logged In To Post A Comment