Ransomware forces hospital to turn away ambulances Ransomware scumbags have caused a vital hospital to turn away ambulances after infecting its computer systems with malware. The University Medical Center in Lubbock, west Texas, has been forced to severely limit operations following the cyberattack. The non-profit hospital was hit on Friday by ransomware operators. Services …
"two-thirds of healthcare facilities surveyed by the infosec shop suffered at least one ransomware infection and over half had paid criminals to regain control of their networks."
Now, I may be jumping to conclusions, but could the reason healthcare is being targeted, because of the 50% payout?
Seem like pretty juicy targets if I was that way inclined.
I'm more alarmed by the fact that the hospital refused patients just because it couldn't update it's computer overlord before intaking someone. This kind of crap is supposed to be the impossibly post-dystopian themes we make fun of in sci-fi horror movies as a bad trope, not something we're actually living through. A goddamn database shouldn't get in between someone and getting critical medical attention.
sadly, it isn't just the intake of the patient that is impacted, the patient requires a bed, meds, treatment, from staff, all of whom have to be 'nominated' and assigned to that task, to the outside eyes, it is 'just' accepting the patient, and I would hope in extremis, the hospital would revert to pen and paper, but for the day to day stuff, EVERYTHING goes into the system, and in US there are costs to be kept up with too :o(
in UK, although free at point of contact with patient, we still need to account for everything associated to the patients needs
did around 7 years support to the major hospitals in my region, we never had to go through this, but the D/B was a beast, glad to say not my responsibility, but the DB Admins earned their pay :o)
A few hours later the statement now reads: "out of an abundance of caution, the Emergency Center continues to divert a select number of patients"
No doubt a lot of resources will now be spent figuring out whether the correct calls were made at the correct time by highly stressed people with limited information during a rapidly evolving situation.
This just shows a very poor understanding of how modern hospitals work. Even something as simple as viewing x-rays is done via a PC today. And no, they can't keep old technology such as developed films as bavk up. All that old tech would clutter the place and then you have the cost of maintaining it and training people on it. For a situation that may never happen.
And how do you get test results to clinicians when they are now electronically sent to their devices instead of having people running all over a medical campus? The people who may have done that in the past are no longer there.
Reducing incoming patient numbers is entirely sensible.
Do you keep a horse as backup, in case your vehicle breaks down?
So, keeping a totally offline, base version of your life saving equipment is a bridge too far? I mean I know it may mean that a doctor isn't capable of checking the imaging results while they're golfing and may have to actually figure out where the imaging department is in the hospital and walk down there to look at a screen in person, but maybe? I know that is totally the same thing as keeping a horse as a backup for your car.
Yes, I was trying to explain the swipe machine to a PFY (I actually had to use one millennia ago) and that's where the explanation broke down.
Fun fact: my debit card number, expiration date, and name are on a thin film laminated on top. It's so hot here in Florida that this lamination peels off, resulting in just a card with the bank logo and the smartchip. Edit: and the mag stripe on the back
I told people it was a "super high security card" for 2 weeks, and out of 29 people, only one of them questioned it and called me on my bullshit, and it turned out he was a CS major at the local uni. So there might be an extremely small sparkle of hope in the next generation after all.
One of the areas I like to discuss when with clients is the concept of having a reversionary method of operation.
In short, how do you still continue to provide your key mission items when your supporting tools have broken.
If you have a business method that is so hell bent on nothing failing, then you really should have a method of working that allows you to follow processes and procedures without those tools being available for a period of time.
MTTR and RTO are all well and good, until you have not managed to get back online.
Considering the primary role of a Hospital/ICU/ECU etc. is to provide life saving care, then surely this facility should still be able to take on patients and provide life saving care without a computer?
We're hardly in the realm of Tricorder's (Start Trek) futuristic health care. Medical support staff, Surgeons, Nurses, Specialists and Doctors can work without a computer I'm sure as that's not how they generally deliver their expertise skills is it?
Fully agree with the other posters comments about the complexity of running a facility like a hospital goes way beyond just accepting patients, however, in the absence of robust security postures that minimise the likelihood of this type of event, then turning away patients is a quite severe course of action.
A reversionary method is good, but pretty much by definition it will be less efficient and have much lower capacity and likely significantly more error prone. At best for a hospital that involves pen and paper, telephoning requests through spelling details out phonetically and radiographers having to physically sit at the xray machine terminal to review test results.. At worst it probably involves porters having to run round miles of hospital corridors delivering prescription requests, patient notes and other instructions, and some tests being impossible to perform/analyse the results of.
Turning away patients, particularly in the early stages is entirely rational and the only sensible thing to do
You would think that someone as vital as a hospital would not require an internet connection to function. Is there really no way to have things, like imaging devices at hospitals, etc... to have a hardware switch to be able to switch over to a totally offline backup software stack so that when this happens every other day, vital resources like this don't have to just be shut down? I know storage is very expensive these days though and everyone is on a budget, so that maybe a bridge too far.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
