In Tallahassee, Florida on the evening of Feb. 2, a cybersecurity incident occurred at Tallahassee Memorial Hospital.
TMH is a 772-bed hospital that has been serving the region since 1948; I know everyone in Tallahassee has used their services or knows someone who has.
I wrote a column last month about how ransomware is the worst cybercrime I have seen in my career, and this situation certainly emphasizes that (assuming it is ransomware) with a devastating example in Florida.
While the hospital has not confirmed what happened, it is referring to the situation as an “IT security incident.” I can respect their plan; they need to focus on recovery as their top priority.
One can assume it to be a ransomware attack, as “experts” like CNN are reporting, since all staff were advised to turn off their computers (a common incident response step to stop the spread of ransomware).
That said, before we continue, here’s a message for all those at TMH: The entire IT community in Florida is rooting for you and hopefully the perpetrators will be caught.
Assaulting any business with a cyberattack is vile, but attacking a hospital is monstrous. These hackers have potentially impacted life-or-death situations and need to be brought to justice as soon as possible.
TMH is not alone as it fights to restore its systems. The HIPAA Journal reports that over 290 hospitals were potentially affected by ransomware last year. It is difficult to get accurate statistics on the impact of ransomware, as organizations try to keep it under the radar if possible. No one wants their brand affected by an attack, so who knows what reality looks like; the bottom line is that it can happen to anyone: a hospital, a dentist’s office, a lobbyist, etc.
It is up to all of us to be the “human firewall” as I mentioned this week to ABC27 when discussing the situation.
The “human firewall” is a phrase used in IT circles to describe users who are fully trained and aware of their cyber surroundings. A human firewall works just like its hardware counterpart: it is a barrier that identifies and blocks incoming threats.
As a workforce, we have yet to fully understand that while we use email as a communication tool each day, hackers use it as a threat delivery system at the same time. Your email must be scrutinized as closely as you would scrutinize letting people into your house or deciding who looks after your children.
Sound overboard? It is not.
This is the level that you need to be thinking on. Two-thirds of ransomware attacks come into an organization via email and attacks happen every 20 seconds. See a (fake) FedEx email in your mailbox? Do not click; review it first.
What time was it sent? 4 a.m.? Could be a red flag. Hover over the email address to see the real origin email; if it is a Gmail account, it’s fake.
Does it have a tracking number you can compare to an actual package you sent or are receiving? If not, it is probably fake.
Those are some of the steps taken by a human firewall; that is the level of attention email needs, in conjunction with a robust bundle of cyber tools.
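The three checks above (send time, the real address behind the display name, and a tracking number you can match to a real shipment) can also be run automatically over a raw message. The following is an added example, not part of the original column; the sample email, the brand-to-domain map, the midnight-to-6 a.m. window and the 12-digit tracking pattern are all assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

# Assumptions for this example: brand-to-domain map, night-hour window,
# and a 12-digit tracking-number pattern.
BRAND_DOMAINS = {"fedex": "fedex.com"}
NIGHT_HOURS = range(0, 6)
TRACKING_RE = re.compile(r"\b\d{12}\b")

# Constructed sample message (not a real email).
SAMPLE = """\
From: "FedEx Delivery" <fedex.notify.example@gmail.com>
To: user@example.com
Date: Thu, 02 Feb 2023 04:07:00 -0500
Subject: Your package is on hold

We could not deliver package 999999999999. Click the link to reschedule.
"""

def triage(raw, expected_tracking):
    """Return the list of red flags found in one raw RFC 5322 message."""
    msg = message_from_string(raw)
    flags = []

    # Check 1: the real address behind the display name.
    display, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRAND_DOMAINS.items():
        if brand in display.lower() and domain != legit \
                and not domain.endswith("." + legit):
            flags.append(f"sender-domain:{domain}")

    # Check 2: send time, read in the sender's own UTC offset.
    try:
        sent = parsedate_to_datetime(msg.get("Date", ""))
    except (TypeError, ValueError):
        flags.append("bad-date")  # missing or unparseable Date header
    else:
        if sent.hour in NIGHT_HOURS:
            flags.append(f"odd-hour:{sent:%H:%M}")

    # Check 3: does any tracking number match a shipment we know about?
    body = msg.get_payload()
    if not set(TRACKING_RE.findall(body)) & set(expected_tracking):
        flags.append("unknown-tracking")
    return flags

if __name__ == "__main__":
    print(triage(SAMPLE, {"123456789012"}))
```

A flag here is a reason to look closer, not a verdict; the same message with a matching sender domain, a daytime timestamp and a known tracking number returns an empty list.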
Cyber protections stop over 90% of attacks, but the ones that get through we must identify and stop. We must be part of the solution to cybercrime while cyber tools and our law enforcement catch up to these criminals.
Speaking of law enforcement, we got great news this month in the battle against hackers.
Law enforcement shut down the Hive ransomware operation. A combined effort by the FBI, the Department of Justice, and others led to this victory.
In a ransomware attack, hackers encrypt files and all systems and then ask for money (ransom) for you to get your files back. If you pay, they send you (not always, as they are criminals) encryption keys. In the Hive shutdown, law enforcement did not just shut the operation down but is also supplying the keys to unlock the systems of its victims.
A huge win for the good guys and a job well done by those hunting these cybercriminals.
Hive is just one of the bad guys, as I mentioned in my ransomware column last month; Lockbit is the major threat actor in this space, as are Conti and others.
There are tools to fight back: high-level isolation and remediation platforms that we are recommending to our clients as part of our SOC operations. You should be doing the same.
One day, ransomware and other hacks will be in the rearview mirror — but not today.
As we begin 2023, the war against hackers rages on and you must do your part to fight back. Hackers are everyone’s common enemy and they will not stop until we stop them.
If you see an incident, report it to law enforcement, as TMH is doing.
Also, invest in advanced threat protections and be the human firewall, every minute of every day.
Blake Dowling is CEO of Aegis Business Technologies and can be reached at [email protected].