The Idaho Falls Community Hospital fell victim to a cyberattack on Monday May 29, 2023. As a result, the hospital had to divert ambulances to other nearby hospitals and close some of its clinics.
“Our commitment to our patients’ well-being continues to remain our top priority. As we continue to recover from a cyberattack, we want to assure everyone Idaho Falls Community Hospital and Mountain View Hospital remain open and continue to safely care for all our patients. The vast majority of our partner clinics are also seeing patients as usual. Our doctors, nurses and other care providers continue to be here for you.”
The hospital said that patients will be contacted by their provider if their appointments are impacted.
According to the initial statement, the hospital’s IT team identified the attack quickly and took immediate action to limit the impacts and keep all patient information safe and secure.
While the exact nature of the cyberattack is unknown at this point and the hospital calls it a “virus”, it is more likely that it is dealing with a ransomware attack. By definition, a virus is a program or piece of code, that runs against your wish and can replicate itself. I put emphasis on “replicate” for a reason. This is because the replication factor is a very important component in the definition of a virus.
Viruses are usually destructive in nature and almost never yield monetary gain to the cybercriminals. Ransomware is just as crippling, but its primary goal is extortion, which is usually paired with data theft. The stolen data will be used as extra leverage to convince the victim to pay, or else the data will be sold or published. And since the hospital emphasized that they managed to “keep all patient information safe and secure” this is a more likely scenario than an actual virus.
It is no secret that healthcare providers are attractive targets to ransomware gangs. Because of their nature they offer a large attack surface. That means they use all kinds of equipment which could be vulnerable and they need to be easily accessible both on and offline. On top of that they are likely to have a host of sensitive data stored on their systems.
Early on during the COVID-19 pandemic, promises were made by some ransomware gangs to leave hospitals alone. But cybercriminals behaving like criminals isn’t something we should be shocked about, and attacks on healthcare providers have been on the rise ever since.
How to avoid ransomware
- Block common forms of entry. Create a plan for patching vulnerabilities in internet-facing systems quickly; and disable or harden remote access like RDP and VPNs.
- Prevent intrusions. Stop threats early before they can even infiltrate or infect your endpoints. Use endpoint security software that can prevent exploits and malware used to deliver ransomware.
- Detect intrusions. Make it harder for intruders to operate inside your organization by segmenting networks and assigning access rights prudently. Use EDR or MDR to detect unusual activity before an attack occurs.
- Stop malicious encryption. Deploy Endpoint Detection and Response software like Malwarebytes EDR that uses multiple different detection techniques to identify ransomware, and ransomware rollback to restore damaged system files.
- Create offsite, offline backups. Keep backups offsite and offline, beyond the reach of attackers. Test them regularly to make sure you can restore essential business functions swiftly.
- Don’t get attacked twice. Once you’ve isolated the outbreak and stopped the first attack, you must remove every trace of the attackers, their malware, their tools, and their methods of entry, to avoid being attacked again.
Malwarebytes EDR and MDR removes all remnants of ransomware and prevents you from getting reinfected. Want to learn more about how we can help protect your business? Get a free trial below.