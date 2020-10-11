Entrance of the Uniklinik University Hospital in Dusseldorf (Germany). Lukas Schulze /

“The university hospital in Düsseldorf is once again ready for emergencies. After the computer failure, the system works again ”. The message that presides over the website of this German medical center is the vestige of an event, which threatens to be just the beginning of a new era, in which computer attacks could end up claiming lives.

It was a couple of weeks ago when the UKD’s computer system, the Düsseldorf hospital, went down. The Prosecutor’s Office, the Ministry of Justice, the police, and computer technicians concluded that the cause of the ruling was a cyber attack. “The security flaw was detected in a software common on the market and can be bought all over the world […] enough time passed to penetrate the system and for an act of sabotage to take place, ”the hospital reported in a note.

The attack affected 30 servers at the medical center, according to the police investigation. The emergency service was closed for 13 days. During that time, the information stored in the system could not be accessed. The machines – X-rays, MRIs … – worked, but the images could not be sent to the doctors’ computers, so they had to physically go to the machines to see the screens. The situation became unsustainable, according to the center’s spokesperson to this newspaper.

During those days, the ambulances had to be diverted to other hospitals in the area. In one of them a 78-year-old woman was traveling, transferred to Wüppertal, about 35 kilometers away, and whose death is potentially associated with the delay in care, the Cologne Prosecutor’s Office is now investigating, as confirmed by phone by her spokesperson, Ulrich Bremer. The investigation is still ongoing and it is not possible to determine to what extent the death can be attributed to the attack. “The question is, what would have happened if the Düsseldorf hospital had been open,” explains Bremer. It is also necessary to find out why the ambulance did not take the woman to a closer hospital.

But regardless of the outcome of the investigation, the case has raised concern around the world. The possibility of a cyber attack claiming physical lives is increasingly real. The German Federal Research Office (BKA) assures that “health systems have become an attractive target during the pandemic inside and outside Germany.” They cite as an example how health departments and universities in Canada involved in the fight against covid-19 were attacked with variants of ransomware (data hijacking). They add via email that although there have also been attacks on critical infrastructures in the past, in the midst of the pandemic, the effects will be more serious. In April Interpol already warned of the growth of attacks against hospitals. “The attackers know perfectly well that they are attacking a hospital. The trend has only increased since then. There is no special respect ”for being a hospital, says Xavier Hidalgo, founder of Redhacking and with a career closely linked to hospitals.

Computer systems highly exposed

Some gangs of cybercriminals announced in March that they would stop attacking hospitals due to the pandemic, but either they have not kept their promise or there were groups that did not promise. The truth is that attacks on health centers have grown. In its trend report for this year, just published this week, the Spanish National Cryptographic Center (CCN) cites the ransomware against medical centers as one of their concerns: “An analysis carried out by an insurance company has estimated this increase in 350% during 2019. It is foreseeable that this trend will continue or accelerate during 2020, and in fact, attacks against organizations and laboratories involved in the fight against coronavirus ”, says the report.

Similar concern is shown by the German annual cybersecurity report presented this week, where there are 100,514 cases of cybercrime of all kinds, which represents an increase of 15% compared to the previous year. The BKA details that the preferred targets of criminals are companies or public institutions. “In recent months, criminals have taken advantage of the pandemic, hiding malware in alleged emails from official agencies with information on covid-19 for example,” they say.

Last year, hospitals and other German Red Cross services in Saarland and Rhineland-Palatinate were hit by cyberattacks. There have also been similar attacks in France and the Czech Republic this spring. Last weekend, it was hacked also one of the large health groups in the US Employees of different UHS centers (the health service) in various states of the North American country described in a thread on the social network Reddit how their systems suddenly stopped working.

Hospitals are targeted by criminals from the ransomware because their data is essential and their cybersecurity is not well worked: “They are a candy,” explains Hidalgo. “They do not have a budget for cybersecurity and they treat it in a traditional way, based on an antivirus or a firewall and a little more. They are very exposed and little prepared to contain an attack ”, he adds. There are many ways to act against a hospital. In June they sold for example in a forum in the dark web access as system administrator “to a large European hospital” for 3,000 euros. That vulnerability becomes especially acute in times of pandemic. The experts explain that the professionals are busier and any promise of medicine or useful information will be received with a click, even if the email looks strange.

Furthermore, the attacks are increasingly complex and targeted. “So far these attacks have had a relative impact on operations by affecting information systems [historias médicas, citas], an even greater potential impact is foreseeable if the malware [software[software designed to cause harm} extends to the segments where other essential systems for the operation of a hospital are found, such as the building management system, emergency power generation systems, diagnostic imaging equipment or treatment, storage and distribution of medicinal gases ”, explains the CCN.

He ransomware It is an attack that encrypts the information contained on the hard drives of a company or organization. In order to recover them, criminals offer the key in exchange for a ransom. The amount of money they ask for often depends on the size and importance of the target. Increasingly, criminals are not only indiscriminately encrypting information, but are attempting to steal it to threaten to post it on the web and create a greater need for the victim to pay. Against someone who wants to publish thousands of medical records open, a backup copy in the system is useless. “We must distinguish between hospitals and clinics, for example of aesthetics,” says Josep Albors, head of research at Eset España, a security company. “Clinics handle more money and are not critical, but the confidentiality of your data is important,” he adds.

Bite the trap

Most of these attacks start with an email, which can be sent to thousands of addresses to see who bites the bait or is directed to someone, with a specific request. In the case of those that are sent to the recipient of a e-mail In particular, the manager of a hospital, for example, receives a credible email asking him to update credentials or open a document. If you do, criminals gain access to the system. First, they observe for days what is there and then they act.

In the German case, the police contacted the hackers. In the Prosecutor’s Office they explain that they do not know his identity, but that they spoke in Russian. The cybercriminals handed over the access codes to the encrypted servers, so that the hospital could operate again, and claimed that they actually wanted to attack the university and that they failed to ask for a ransom.

Faced with alarmism in the face of the increase in cases and their dangerousness, there are those who prefer to see the glass half full. There are experts who explain that these cybercriminal networks operate in a gray where attracting a lot of attention is dangerous. From the countries where they operate, they are not subjected to sufficient police pressure because the problems they cause are, above all, economic and specific. If people start to die from the attacks, the situation could change: “At times like the present it is very attractive for a criminal to attack a large hospital and cause a collapse. Are they interested? No, for a simple reason. If these attacks cause victims, they will make more people notice them and therefore the security forces and that supposed immunity that they enjoy in other countries, it would end ”, says Josep Albors.