How Microsoft’s Digital Crimes Unit, a cybersecurity
company, and a global health organization came
together to take on a new breed of hacker
“The modern-day hospital is so reliant on IT that when these systems go down, it’s incredibly devastating,” says Errol Weiss, chief security officer for Health-ISAC. “They can’t do patient intake, and ambulances are diverted. Services slow down because they’re relying on paper and manual processes. If you’re with a patient trying to do surgery and need to know their blood type, you’ve got to go to paper backup and hope it’s available and reliable.”
Ransomware often has severe downstream consequences, and Weiss ticks off a few that made headlines. A rural hospital in Illinois closed after spiraling financially from an attack and the pandemic. Hackers stole patient records from a health network in Pennsylvania and published them, including naked photos of cancer patients receiving treatment. The attack led to a class-action lawsuit against the network and a $65 million settlement. In Finland, a patient died by suicide after a hacker stole confidential records from a psychotherapy center, failed to get a ransom, exposed the records and blackmailed patients.
Health-ISAC, Fortra and Microsoft were able to merge their considerable data and expertise to link cracked Cobalt Strike to 68 health-related ransomware attacks in 19 countries. Their investigation connected cracked copies to eight malware families, including LockBit, a fast encryption and denial-of-service attacker, and Conti, the malware used in the HSE and Costa Rican attacks.
“I’m a big advocate for the work that’s being done,” Weiss says. “There’s an ecosystem that criminals can use to their heart’s content, and unless we do something about that, this problem will not go away.”
