PODCAST NOTES: (This premium content first appeared in the Oct. 8 issue of Inside Security)
Every Thursday, I summarize a podcast about cybersecurity so you can read it in about five minutes or less. This week features Caleb Barlow, CEO and president of CynergisTek, who spoke with Dave Bittner of Hacking Humans (#119) about the dangers of ransomware attacks targeting hospitals. [Note: Questions and answers were edited for brevity and clarity.]
Dave Bittner: Could you discuss the recent incident in which a woman died due to a ransomware attack against a hospital in Germany?
Caleb Barlow responded that cybersecurity professionals often focus on these marquee events where kinetic impact comes into play. This is a very tragic event. Someone died because the hospital they were headed to was locked up with ransomware, and the hospital had to divert patients.
In emergency medicine, there's this concept called the golden hour, Barlow explained. The idea is that an emergency medical professional's duty is to get a patient to a higher level of care, i.e., a hospital or a trauma center or a stroke unit, in under one hour from the time they dialed 911. And when something gets in the way of that, such as a ransomware attack, the death rate grows dramatically. And, unfortunately, that's exactly what we saw in this case.
Dave Bittner: Can you provide us with some insights as to what goes on within a hospital, within an emergency facility, when they find themselves confronting a ransomware attack?
Barlow explained that not only is he the CEO of a company that focuses on protecting hospitals from cyberattacks, but he also had a 15-year career working as an EMT. The thing that people have to understand in an emergency medical situation is that the EMTs are responding because something has gone very wrong. It's the EMT's job to try to fix it or at least reduce the risk. So one of the primary things EMTs looking at is, "How fast can I get this individual to a higher level of care?" When something stands in the way, that's a problem.
What a hospital does when they're locked up with ransomware, they can't access their medical records. There are no paper records anymore. They can't see what drugs a patient is on. They don't know if the patient has any allergies. Not only that, their processes slow down because all the documentation and all the patient routing are done electronically.
The safest thing for them to do is start to divert patients and shut down non-emergency care. And that's exactly what happened in this case. They started diverting their ER patients. Now, ERs divert all the time, but usually due to patient load not because they're locked up with ransomware...
Barlow related that he spoke with some of his clients who told him about a situation where a hospital was locked up with ransomware. They had surgeries going on at the time. There were literally patients on the table in the middle of a surgical procedure, and they couldn't access data and everything locked up. Their communications were down. The systems they were working on went down.
Most doctors understand what to do in that situation. Start making sure they can protect the patient and not cause any harm. One of the questions that came out of this discussion was, how many close calls have there been that we haven't heard about as hospitals are continually getting locked up with ransomware? This just happened to be one where there was a confirmed death.