Prospect Medical Holdings, a chain that owns hospitals, as well as more than 165 outpatient facilities, said ransomware hackers had breached its system.
I used to work in social services and a suburban Philly county got attacked. I had to delay services to people with disabilities because funding couldn’t come through. These people are disgusting.
Not saying these hackers are good in the least. But the sheer lack of basic security in a lot of hospitals and health services is enough to piss you off. Maybe THIS incident will encourage them to make some improvements.
If only…
I feel bad for the poor nerd who draws the short straw and has to teach a class of doctors basic IT security practices. Going to have to rent out a football stadium in order to make room for their egos.
What the hell? That’s terrible news. I don’t understand why they’d target a hospital system at all. Seems cruel.
Because it’s valuable.
Have to think, these people don’t have moral codes like you or I, so trying to find the logic in morality isn’t going to get you anywhere.
Now that we’re past the obstacle of morality, we can get to the meat of it:
-
Hospitals have valuable data and a lot of essential systems. The users of those systems would pay a lot to keep it functional and accessible.
-
They have massive attack surface. There’s so many vulnerable points in a hospital that one could imagine, with a few insights, a few attack vectors just walking around one and being observant.
-
The staff often aren’t educated in proper practices, the dos and don’ts of infosec, and are also often overworked and very tired. This leaves them vulnerable to phishing attacks, tailgating, you name it. Trained about tailgating? A lot of them use RFID cards to access specific areas, and cloning those is trivial.
TL;DR hospitals are valuable and (sadly) easy targets.
-
Information to ransom, among other things that sebinspace said.
HIV diagnosis? STD diagnosis? Someone on hormones for gender-affirmijg purposes? Abortions? In places where these may or may not be legal or safe for such knowledge to be public, victims aren’t likely to think twice before panicking and paying up to not have their data leaked.
This is awful. Sick kids hospital in Toronto got attacked earlier this year but the group apologised and gave the decrypt key without payment. This is the least they could do here too.