Homeland Security News Wire reports that hackers have attacked several hospitals in Germany with ransomware – locking medical files and demanding ransom payment for releasing the encrypted data.
The blackmailing of hospitals by encrypting their medical files has become a growing problem around the world. In California, for example, a Hollywood hospital earlier this month had to pay about $17,000 in the digital currency bitcoin to hackers in order to regain access to medical files.
Two weeks ago, an employee at the Lukas Hospital in Neuss, a city in western Germany, noticed that the hospital computer systems were not running smoothly. Error messages kept showing up on the screen, and the system was unusually slow.
“We then pulled the plug on everything,” spokesperson Dr. Andreas Kremer told DW. “Computers, servers, even the email server, and we went offline.”
In the last two weeks, the hospital’s website has been advising patients to call or fax the hospital if they needed medical attention because the e-mail system is still not functioning. The malware planted in the hospital computer systems has brought the systems to a grinding halt.
“Our IT department quickly realized that we caught malware that encrypts data. So if the X-ray system wants to access system data, it failed to find it because it’s been encrypted, so it displays an error message,” Kremer said.
Worldcrunch reports that the hospital had fallen victim to ransomware — malware which denies the owner of the data access to it unless the owner pays the ransom. When the ransom is paid, the hackers give the owner a decryption key which allows him to access the data again.
Kremer said that the hospital reported the ransomware attack to the State Criminal Investigation Office (LKA).
“We haven’t received a concrete demand for money, but we’ve seen these pop up windows that appear if you don’t stop the ransomware on a computer,” he told DW. The message in broken English points to an anonymous email address to get in touch with. “Following the Criminal Police Office’s advice, we didn’t do that,” Kremer said.
Back to pen, paper, and fax machines
The hospital’s IT team has developed special software to clean the infected systems – more than 100 servers and about 900 devices – but hospital operations have been relying on pen and paper, and on fax machines to disseminate and exchange patient reports among the staff. “High-risk surgeries were pushed to later dates due to safety reasons, but 80 to 85 percent of all operations took place as planned,” Kremer said.
Reliance on old-fashioned means led to a considerable slowdown of hospital operations, with staff having to contend with an ever-growing backlog of handwritten notes – notes which would, eventually, have to be entered into computers once the systems are declared safe.
An even bigger problem than the mountain of handwritten notes is the fact that all the digital files are still inaccessible to the staff because the hospital has so far refused to pay the ransom.
Medical files still locked
“We have regular backups, so that isn’t a problem. If the virus encrypted data we have backed up, we just restore the backup files,” Kremer told DW.
The hospital said that the locked data can be entered again if it consists of results from lab tests – because many of the tests are conducted by outside labs not affected by the malware – and the other data may be restored once the malware has been analyzed and decrypted. “But it really just affects data from within a few hours.”
It will take weeks until all systems are running the way they used to before the attack, “probably not before early summer,” Kremer said.
Ransomware attacks on hospitals spread
Worldcrunch notes that the attack on Lukas Hospital is not an isolated case. Two days before the Lukas attack, another hospital, Klinikum Arnsberg in North Rhine-Westphalia, was similarly attacked by ransomware.
“According to present knowledge, it was an attachment in an e-mail that allowed the virus to enter the system,” Klinikum Arnsberg spokesperson Richard Bornkeßel told DW.
Hospital staff were able to detect the virus early – and it infected only one of the hospital’s 200 servers. The hospital IT staff immediately turned off the entire system, preventing further infection.
“Fortunately, it was only one server that was affected. The virus had started to encrypt files, but we could simply restore them from a backup,” Bornkeßel said.
He noted that the encryption process was stopped early enough, so patient care was not affected. However, at least one other hospital in the same state has reportedly shut down its systems to avoid a potential hack and filed charges.
Ransom payments in California
DW notes that the blackmailing of hospitals by encrypting their medical files has become a growing problem around the world. In California, for example, a Hollywood hospital earlier this month had to pay about $17,000 in the digital currency bitcoin to hackers in order to regain access to medical files.
“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key,” Hollywood Presbyterian Medical Center’s president Allen Stefanek said in a statement.