Art Imitating Life: Hackers Take Down Hospital Network on Grey’s Anatomy
You know a topic is hot when it becomes the main theme behind a popular drama episode on broadcast TV. After all, that’s pretty much how Law and Order has gotten most of their storylines for two decades and spun off a series of successful new shows.
In the tried-and-true TV tradition of “Ripped from the Headlines”, last night’s Winter finale episode of the #4 Nielsen-rated show Grey’s Anatomy on ABC centered around a cyber attack that gradually started taking down all Grey Sloan Memorial Hospital’s computers, monitors, tablets, phones while also locking patient medical records and the blood bank. Needless to say, havoc ensues as the medical teams try to cope with the realization that all the modern advances that technology provides have suddenly been taken from them.
The ransomware attack demanded 4,932 bitcoin, or roughly $20 million, before the fictional hackers will restore access to the hospital’s network of devices and servers. Failure to pay would mean all the hospital’s medical records would be destroyed.
Viewers then watch as the hospital administrators and FBI agents struggle with the decision whether to pay the ransom to get their hospital back, or let the cybersecurity experts try to stop the hack while potentially risking their patients’ lives, all leading up to a dramatic cliffhanger ending.
It leaves you to wonder, “Could that really happen to a top U.S. hospital?”
The short, and terrifying, answer is simply yes. It could happen if the right cyber defenses aren’t implemented. Hospitals can be just as vulnerable to a cyber attack as any other business. Without the most advanced cyber defenses in place, hackers can launch malicious attacks designed to cripple a network in the attempt to get a quick payout from a ransom or steal valuable data.
As an example, this past June a ransomware attack took down the world’s largest advertising agency, WPP. It was later determined that the attack was a variant of the WannaCry attack that took place in May and targeted Windows systems and demanded payment in the form of bitcoin, just like in last night’s Grey’s Anatomy episode.
It served as a wake-up call for the industry, letting all the agencies know that they were not where they needed to be in terms of security. WPP got hit because they’re an extremely large organization and they have a presence in Ukraine. The takeaway that everyone needs to realize is that ransomware is definitely here to stay and the volume of attacks is only expected to grow.
An attack on a health institution has already occurred. In May, that same WannaCry ransomware was unleashed on medical facilities across the UK, as the state-run National Health Service (NHS) system was paralyzed by the malware, causing the cancellations of thousands of appointments and operations. However, unlike on Grey’s Anatomy, the ransom requests were a much more reasonable $300-$600 per location, hospitals, General Practitioners, Specialists, Dentists, etc. throughout the country. While some of the critical infrastructure was able to be brought back up relatively quickly, it took weeks before the NHS system was brought back to full operational status.
In our recent “Global DDoS Attacks and Cyber Security Insights Report”, we found that attacks are on the rise and hackers are becoming more successful. Not only are attacks getting more efficient, they’re also becoming larger and more targeted. In addition, response times are down, meaning attackers are having their way with your system and you don’t even know it until it’s far too late.
So what’s the answer to combat the threat? A solid Web Application Firewall (WAF) helps make sure you have all the latest security patches, plus it prevents most types of attacks. Having a strong system of backups, a disaster continuity plan, regular testing, strong employee training, plus a robust DDoS defense with an “always on, always ready” system in place can make all the difference between sleeping well at night … or finding out that your hospital network is now under a $20 million ransom demand.
Tune in January 18 to see what happens next!