back to article Huge nonprofit hospital network suffers IT meltdown after 'security incident'

America's second-largest nonprofit healthcare org is suffering a security "issue" that has diverted ambulances and shut down electronic records systems at hospitals around the country. CommonSpirit Health, a Chicago-based organization that has more than 1,000 facilities and 140 hospitals across 21 states, this week copped to …

  1. Throatwarbler Mangrove Silver badge

    Is it time?

    Can we call ransomware scumbags terrorists now?

    1. doublelayer Silver badge

      Re: Is it time?

      It depends. What do you want that to accomplish? If we use "terrorist" as just a type of criminal that could be better or worse than a different kind, then no because the definition tends to include committing violence for a political end and neither of those happened here. If it's now to be used for criminals that cause large amounts of damage and we want to put extra energy into capturing them and terminating their activities, sure, but that's probably a different word.

      I think the best approach is to have a new term for the type of criminals this contains, as overloading the word terrorism hasn't produced useful results in the past and can lead to unexpected events.

      1. NapTime ForTruth

        Re: Is it time?

        Tourists, then?

        Because they visit your network, shite everything up, collect souvenirs, and eventually - but never soon enough - depart, leaving graffiti, trash, and more than a modicum of chaos.

      2. Throatwarbler Mangrove Silver badge

        Re: Is it time?

        I want to see the sort of person who distributes ransomware to hospitals sent via extraordinary rendition to countries with extremely dubious human rights records, where said individuals will be tortured to death. Does that clear things up?

        1. VoiceOfTruth Silver badge

          Re: Is it time?

          So send them to the USA?

        2. doublelayer Silver badge

          Re: Is it time?

          The choice of words wouldn't really help with your goals. The actions you recommend are illegal under international law, so if you want them to happen, you need a country that's willing to ignore that (obviously, there are several who do that already). Countries who have done those things to terrorists don't do it because they're described as terrorists. They do it because they really dislike those people. Therefore, renaming the crime "terrorism" isn't going to convince those countries to change tactics, as they could do that right now no matter what the crime is called.

          We already know what happens to ransomware creators when they do get caught. Earlier this week, this paper ran a story about the sentencing of one of them to twenty years in prison (it could have been forty but presumably they cooperated with investigators). That's not what you want to happen to them, perhaps, but it is quite severe. The problem is that a lot of people involved in ransomware aren't getting to that point. Either they have good opsec and the investigators failed to identify them, they hide their activities and investigators lack evidence to convict them, or they're in a location where their host won't extradite or charge them. Renaming them terrorists won't fix any of those problems, because if it could, it would have been done for a lot of different kinds of crime.

        3. Dacarlo

          Re: Is it time?


      3. katrinab Silver badge

        Re: Is it time?

        Well calling them terrorists would allow crypto exchanges who process ransomware payments to be charged with financing terrorism.

        1. doublelayer Silver badge

          Re: Is it time?

          No, I'm afraid it would not. If they knowingly process transactions for criminals now, they're already chargeable for money laundering if not accessories to the crime itself. If those criminals are terrorists, that's still what they get charged with. Crimes along the lines of "funding terrorism" apply to people who give money to those criminals, not people who take money and process it. Many of those exchanges would argue in either case that they don't know where the money came from, which wouldn't always work but might in some cases be true.

  2. VoiceOfTruth Silver badge


    -> We take our responsibility to ensure the security of our IT systems very seriously.

    1. Throatwarbler Mangrove Silver badge

      Re: Bingo!

      Victim blaming! Drink!

    2. Halfmad

      Re: Bingo!

      Next they'll offer surviving patients identity protection for a year.

  3. Anonymous Coward

    Just to help out

    PR Checklist

    1 - Nothing to see, move along (complete)

    2 - A limited breach may have occurred but we have no evidence that any records were extracted.

    3 - We have fixed the problems and are working with law enforcement to identify the perpetrators.

    4 - There may have been some records extracted and we are working to determine how many and what sort of records.

    5 - It's on the dark web. Sorry about that. Our thoughts and prayers go out to you.

    1. Anonymous Coward
      Anonymous Coward

      Re: Just to help out

      yaaaaaawnn. we know. let's move on.

  4. Winkypop Silver badge

    Shocked, shocked I am!!!

    A non-profit health provider in the US?

    1. doublelayer Silver badge

      Re: Shocked, shocked I am!!!

      I think a lot of large U.S. hospitals work that way. The places providing the care may be nonprofits, but that's not the same as free or charged to governments. It just means that the money collected from patients goes to a fund to continue upkeep of the facility, not to shareholders.

  5. Mr. V. Meldrew

    Computer says.....wrong hospital.

    Whilst spending 23 hours on a hospital trolley about 2 weeks ago I had time to listen in to the bullshit fed to our great NHS workers.

    The best one was that a number of routine refferal cases had been sent to Manchester (UK) Royal Infirmary whilst the ones due for emergency care ended up in maternity care. Thankfully, yet sadly, old Ted in a trolley opposite to me couldn't give a rats arse where he was abandoned and so seemingly did his "carers".

    The meals for the want of a better description had been ordered on their new IT system.

    I wonder if the events in the USA and UK were by any chance related? I knew we were all doomed the following day when Peter had swapped his shiny new iPad with his trusty hand towel and pen for meal order.

    Best wishes and god bless to all on ward 9, Manchester Royal Infirmary.


  6. LoPath


    I took my wife to the walk-in clinic on Wednesday. They said "oh, our computers are down" when we checked in. Absolutely every aspect of the visit was done on paper. Even left with a handwritten prescription and a work note, also written on a prescription pad. Her simple 15 minute visit resulted in a pile of at least 10 pages. Somebody's going to be very busy doing manual inputs if they ever get their computer systems back online.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like