back to article Lurie Children's Hospital back to pen and paper after cyberattack

For the second time in one week, cybercriminals have targeted a Chicago children's hospital, this time causing significant operational disruption. Lurie Children's Hospital said it pulled network systems offline as it continues to respond to "a cybersecurity matter" alongside outside experts and law enforcement agencies. …

  1. Neil Barnes Silver badge

    our overarching priority is to continue providing safe, quality care

    Finally! A hospital that suffers this sort of abuse that doesn't tell us data security is its highest priority.

    (I wouldn't want to suggest that the neanderthals that execute this sort of vandalism should be in need of the hospital's services. Oh no.)

    1. sitta_europea Silver badge

      Re: our overarching priority is to continue providing safe, quality care

      Death's too good for them.

  2. RJW

    Targeting a hospital - how low can people get?

    1. Clausewitz4.0 Bronze badge
      Devil

      "Targeting a hospital - how low can people get?"

      An Israeli businessman insured the World Trade Center against terror attacks a few months before the 9/11 and grabbed 1 Billion (or more?)

      So, pretty low...

      1. joejack

        Bad example

        I hadn't heard of this before, so got curious. Here's what I found FWIW:

        > There are several underlying assumptions at work here: that the World Trade Center must not have had terrorism insurance before Silverstein took over; that selecting such coverage was purely optional; and that because he "chose" to buy such coverage when he did, Silverstein must have known in advance that (and when) terrorists would strike.

        > It's important to note that Silverstein wasn't actually the sole leaseholder of the World Trade Center: He led a consortium of investors and lenders, all of which had a voice in deciding how much insurance coverage the properties would have, and each had some claim on whatever insurance monies were paid out.

        > Bear in mind, too, that when we speak of "terrorism insurance coverage," what we're actually speaking of is coverage that doesn't have a terrorism EXCLUSION. Moreover, upon signing that lease, Silverstein was obligated to insure the World Trade Center.

        Courtesy: https://www.snopes.com/fact-check/wtc-terrorism-insurance/

        But I would also add, Sept 11 was not the first terrorist attack on the WTC. So terrorism insurance should've been high on anyone's list.

  3. Mike 137 Silver badge

    "During El Reg's investigation, we were pointed to a December concept paper from the US Department of Health and Human Services' (HHS) cybersecurity strategy. [The paper] included proposals for enforcing new standards that if met, would offer financial support and incentives for hospitals."

    Unfortunately the four substantive pages of the HHS paper are so 'high level' that they provide no warranty of effective results. What's actually needed is not yet more policy but sufficient local resourcing and expertise to render the targets of attack maximally robust and resilient. As was proven by NotPetya in the UK, health services are typically wide open targets because they are not informed or equipped enough to address the threats realistically.

  4. Charles Ghose

    Cyber Attacks in Healthcare Call For Cyber Security Improvements

    With cyber attacks compromising sensitive patient information in US hospitals, it's evident that a reassessment of how prescriptions and health insurance claims are processed is long overdue. It's astonishing that despite advancements in technology and public awareness campaigns advocating for privacy settings on social profiles and caution against sharing personal information online, patient data such as date of birth, home address, telephone number, and in some cases, social security numbers or Medicaid/Medicare numbers, suffice for accessing and processing prescriptions and insurance claims.

    There's an urgent need for a better patient identification system that doesn't rely on such vulnerable personal information. Perhaps technologies that identify patients by their voice or face could be explored, although it's worth noting that even AI programs can clone voices and faces. The most effective solution lies in hospitals enhancing their cybersecurity measures.

    It's disheartening that it takes the threat of losing federal funding for hospitals to prioritize cybersecurity standards. Hospitals must not only prioritize patient health but also safeguard their personal data from cyber attacks.

    In conclusion, it's imperative for hospitals, health clinics, and pharmacies to prioritize the implementation of robust cybersecurity measures to protect patient information. This isn't just about complying with regulations but about demonstrating a genuine commitment to patient welfare and data security in an increasingly digital age.

    1. Ace2 Silver badge

      Re: Cyber Attacks in Healthcare Call For Cyber Security Improvements

      If my kid is sick enough to be in a children’s hospital - you propose to use some sort of idiotic voice or face id to identify them? While they’re in a hospital bed? Is that what you’re suggesting?

  5. JulieM Silver badge
    Boffin

    Interesting Opportunity

    There is actually an interesting opportunity here, to measure just how much more slowly a hospital runs when its computer systems are down.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like