Computer attack on a hospital: where exactly the flaw came from
A hospital has been targeted again by hackers.
This is the Dax hospital. All related services have been permanently affected. Even the operating theatres had to suspend their activities. Unfortunately, this type of case has been on the rise since last year. The consequences are quite dramatic in that even Covid patients have been affected. Hackers are no longer afraid to commit criminal acts even if they endanger the lives of many patients.
Even though investigations are ongoing, it is obvious that identifying the culprits is a daunting task. Indeed, given the way they proceeded, it is clear that the cyber criminals behind this computer attack are not beginners. If they operated from outside French territory, the task will be even more difficult.
The proliferation of this kind of incident is a challenge. Many questions need to be asked. At the same time, a thorough analysis of the state of computer security around the world should be carried out. "The only way to approach the issue of responsibility is to equate piracy with terrorism: the state that lets go is as guilty as if it did it itself. Europe has no means of counter-attacking. It will have to focus on defending itself, protecting its systems, better training its IT managers, and raising awareness among all staff. On the other hand, those who have fun attacking the United States may understand at their expense that Uncle Sam can crush them. If the U.S. administration, a fortiori aided by the GAFAM, decided on a massive computer attack on a country, the damage would be considerable," notes Raymond Taube, Editor-in-Chief of Opinion International and Director of the IDP (Institute of Practical Law), a structure specializing in legal advice and vocational training.
To return to the attack on Dax hospital: one fact shows that the attack is not surprising.
"There are about a thousand hospitals in France, but only fifty security managers for information systems. The situation is no more enviable in private structures, and it is even worse in the medico-social. In 95% of cases, there is no one to worry about computer security," explains Cédric Cartau, head of information systems security at the University Hospital of Nantes and the Loire region, in an interview with the media outlet lemonde.fr.
In other words, even after all these years, IT security is by no means the priority of IT managers. Unfortunately, they are much busier digitizing every aspect of their organization, neglecting the most important thing along the way. Yet we know this. The IT security of health centres, especially in this time of health crisis, goes beyond even a normal priority. Apart from the risk of leaking confidential data, there is the risk of endangering patients. Unfortunately, this forces hospitals to pay the ransoms demanded by cyber criminals in the majority of cases. "In the age of smartphones, networks, connected objects, this is no longer science fiction. In the United States, ransoms of 100,000 euros have been paid by hospitals to recover their patients' data, data that remain definitively shared with the ransomers. The University Hospital Centre (CHU) in Rouen was the victim of such an attack in November 2019. The hospital refused to pay the 40 bitcoins, or about 300,000 euros, that the ransomers allegedly demanded. It is to be hoped that it had an up-to-date backup of these files, but they remain in the hands of the ransomers. What did they do with it? What do they do with it?" observes Raymond Taube.
But let's talk about the causes of this proliferation of computer attacks.
At its core, the problem is that good practices in the use of IT resources are not being followed. Users don't pay attention. They are usually the weak points in overall computer security. This is why prevention and awareness have always been the first weapon to combat cybercrime. Unfortunately, these deficiencies have become commonplace. Among them, we usually observe:
– Failure to carry out backups
– Failure to protect backups when they are carried out
– Neglect in password management
– Non-secure workstations
– Unsafe use of messaging services
– Lack of vigilance in the face of phishing
– Neglect of security applications
– Neglect of security updates
– Etc.
"The aim is not to overwhelm health facilities or their IT managers. They are in the oven and in the mill, running from one service to another, here because you can't access digital files or you forget your password, there because the image freezes during a videoconference… To base all the computer security of a health establishment, as indeed of any company or establishment, on the IT department alone, is as if the fight against Covid-19 were reduced to resuscitation services alone. In fact, it was for a long time the case!" says Raymond Taube.