What hospitals can learn from the Parkview Medical shutdown

By Justin Fier / Special to Healthcare Facilities Today
June 17, 2020

With the rise in cyber-attacks that has accompanied the COVID-19 pandemic, hospitals, already susceptible to ransomware attacks, have been acutely affected.

Cyber security experts and government institutions have released warnings about advanced criminals taking advantage of new and known vulnerabilities during this time of reshuffling, remote work, and increased demand. INTERPOL warned of rising ransomware attacks against hospitals and the medical research industry globally, the U.S. issued a statement about threats facing the Czech Republic, and the U.K. and U.S. issued a rare joint advisory from the U.K.'s National Cyber Security Centre and the U.S. Department of Homeland Security.

These warnings have unfortunately turned into a reality, with more attacks against hospitals and healthcare becoming public knowledge as the pandemic continues. One example is the recent attempt against a Romanian hospital by four members of a cyber-criminal group known as PentaGuard. Romania's Directorate for Investigating Organized Crime and Terrorism, shortened to DIICOT, learned that this group was planning to infect Romanian hospitals with ransomware. According to ZDNet, hackers intended to send COVID-19 related emails to trick healthcare workers into clicking on malicious links, thus infecting computers, encrypting files, and causing disruption.

This is just one example of how cyber-criminals have broken their promise to steer clear of attacking hospitals during the coronavirus outbreak. Cyber-criminals thrive during chaos and are inherently opportunistic, so could we have realistically expected them to stand down when opportunity comes knocking? As they look to monetize the crisis, hospitals and patients alike are caught in the crosshairs.

What happens during a successful attack?

But what does it look like when a cyber-criminal does successfully infect a hospital with ransomware? 

The reason ransomware attacks are particularly effective, especially at this time, is because of how quickly ransomware can spread throughout an entire organization and because new, never-before-seen strains are constantly emerging. The time between when an employee initially clicks on a link in an email – instantly downloading a malicious payload – to when a businesses’ critical systems have been fully encrypted and taken offline can be as quick as a matter of seconds.

Hospitals depend on digital systems that contain all of their patient information for day-to-day operations to run smoothly. These electronic medical record systems, known as EMRs, can be equated to the “brains of a hospital.” Without them, medical care professionals don't have the vital information they need to do the most basic parts of their jobs. If these systems are compromised during an attack, healthcare providers must revert back to pen and paper, diminishing their already limited time spent treating patients. 

A recent ransomware attack against Parkview Medical Center in Colorado presented the nightmare situation – an EMR system gone dark. It was the first public example in the U.S. of a successful COVID-19 related cyber-attack that was able to shut down hospital operations, and one week after suffering the attack the medical facility’s network was still down. Thankfully, the staff was properly trained in using paper records and Parkview notes that they were “able to continue patient care without any detrimental impacts”, even as they experienced IT system outages and worked around the clock to fight the pandemic.

Key learnings to protect our systems and our patients

Healthcare organizations around the world can learn from the example set in Parkview. It is commendable that their staff was trained to continue operations and maintain patient care when faced with network outages. However, it also served as a reminder that cyber-criminals are both sophisticated and opportunistic, stopping at nothing when presented with an opportunity to profit. In order to prevent advanced attacks, organizations must implement advanced defenses. 

With 90% of attacks starting in the inbox and email as the origin of both the Parkview ransomware attack and the planned attack against Romanian hospitals, organizations should focus on securing their email ecosystem. Hospitals aren’t just protecting revenue streams and intellectual property, but human life, and may need to look beyond traditional security tools. Tools that rely on whitelists and blacklists will fall short, especially as attackers continue to register new COVID-related domains and launch novel threats. The best way to get ahead of advanced spear-phishing attacks is by using cyber security tools that rely on normal patterns of communication to detect threats.

When attacks are able to spread throughout an organization in a few seconds, even the most sophisticated security teams will struggle to keep up. And with teams stretched thin – and busy getting telehealth up and managing remote work – rapid response becomes that much more of a challenge. Organizations should look towards technology that can save time by taking autonomous actions, stepping in at the earliest signs of an attack to stop ransomware from spreading through critical systems. 

Looking to the future 

Hospitals are inherently prepared for crises. Parkview Medical Center proved that even when struck by ransomware, during a global pandemic, patient care will continue. However, hospitals and healthcare organizations shouldn’t have to juggle concerns over cyber-attacks in addition to worrying about PPE shortages, inpatient care, and decreased revenue.

Yet, in a world where cyber-criminals will stop at nothing for profit, hospitals need to be two steps ahead of attackers, not hope that they will not be targeted. The future is always unpredictable – the next cyber-attack won’t look like the attack against Parkview, and the next global crisis won’t be a pandemic. We must plan for the future, implementing security strategies that can help us get there safely and securely, regardless of what unexpected events or attacks it may hold. 

Justin Fier is the Director of Cyber Intelligence & Analytics at Darktrace.


See the latest posts on our homepage


Topic Area: Information Technology

Recent Posts
Recent Posts
Focus: Infection Control

Flu Season During Coronavirus Pandemic Raises New Questions

Flu patients can take up resources


Focus: Infection Control

Washington Hospital Fixes Water Issue After Two Weeks

The water issue affected sterilization of surgical instruments


Doctor Shot During Robbery At Minnesota Hospital

Employees had asked for better protection in parking areas


Kaiser Permanente First Healthcare System To Reach Carbon Neutrality

One hundred percent of energy the system uses is being either used in a green way or is offset


Blog / Focus: New Construction

Success Factors Using Integrated Project Delivery (IPD) In Healthcare Construction Projects

Projects can be more fulfilling and successful at meeting desired project outcomes through IPD


Post Comment


News & Updates • Webcast Alerts • Building Technologies

All fields are required.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.