On November 16, Grey’s Anatomy, the highly popular medical drama, aired its first ever episode where the drama was not centered around an active shooter, airplane crash, fire, infectious disease or bomb threat. In the Winter 2017 season finale, “Out of Nowhere” Grey-Sloan Memorial Hospital was attacked by ransomware.
Ransomware is a type of malware that encrypts complete hard drives until a ransom is paid. Once the attacker receives the money they will decrypt. Paying the ransom may get you your files back, but the malware could still be there if you don’t completely rebuild the system. This storyline was truly dramatic, but must be their take on the numerous ransomware attacks on healthcare facilities in the recent past.
The hospital’s trouble begins when physicians in the Emergency Center have patients whose heart rate monitors show they are spontaneously flat lining. Physicians begin running to their patients to check them only to see that they are alive and well. One resident even goes to the lengths to shock her patient (a lawsuit waiting to happen!) As the episode continues, physicians are unable to access their patient’s charts.
After several unsuccessful attempts to login, a message pops up on every computer stating that their computers are being held for a ransom. The attackers state that they will decrypt the hospital’s network once they receive a payment of 4,932 bitcoin, which they equate to $20 million (in reality this is closer to $50 million.) The hospital becomes chaotic as physicians are unable to review patient charts to make clinical decisions, medical staff are unable to access the blood bank and medication cabinets cannot be accessed. Shortly after this happens, the doctors meet to decide a game plan.
However, before they can decide what to do, the FBI shows up and tells them to shut off all computers while they work on the issue. The Chief of Surgery decides that she wants to pay the ransom, however, the FBI advises her not to do so, as it does not guarantee that they will receive their files back. The episode ends with, the Chief making a call to attempt to get money to pay off the ransom.
As MSPs, we know that this episode is truly dramatic. However, there is some truth to some of the scenarios which is why this is an important topic to explore.
First, the attacker in the episode would have to be VERY invested in making the hospitals software malfunction. Most of the time, an attacker is interested in making money and not making heart rate monitors flatline. They also would not take the time to craft a cryptic message that would display on every computer. Also, staff would not be the ones who discover the issue. IT would see red flags on their end before patient monitors or physician computers would go down.
Second, in the episode all technology goes down (including phones, scanners, CT machines, Scopes, etc.). This part has some truth to it. If your facilities devices are all networked together and there are no firewalls in place, the attacker will be able to access all devices. Therefore no one was able to use technology in the episode. However, if your facilities network is segmented, the chances of them all being affected by ransomware at the same time is slim. One flaw in this part of the episode was that all computers were running on the same operating systems. When computers are running on old software or operating systems, the differences between software would make it difficult for the same attack to work on all computers/devices.
The third, and most realistic part of the episode is the affect that electronic medical records have the patient care process. For the most part, electronic medical records have become the norm for healthcare facilities. If patient records cannot be accessed, all patient history is gone and clinical decision making is compromised. Because of this, keeping an offline copy of electronic charts may become part of a business continuity plan. By establishing a procedure for this type of event, healthcare facilities can avoid a disruption in patient care.
In conclusion, technology is a real threat and it will continue to be for many years to come. The best way to prevent these events from happening to you is to be prepared for it. Make frequent backups of your information and store this information offline. Do not download files from unknown/unverified sites, from email attachments you weren’t expecting, etc. If you believe that you are a victim of ransomware, contact us immediately! We will be able to load a clean backup of your computers and help you through the process of restoring your computers.
Article Provided by:
Lauren Eckhout
Medical Solutions Specialist
Center for Computer Resources
