Local Delaware County Hospital Hit with Cyberattack
It was a busy weekend for hackers and several local organizations as two hospitals and a New York state casino were hit with cyberattacks. This caused quite a bit of chaos for everyone involved, including patients, hospital staff, and a nursing home that all had to struggle through the attack.
Margaretville Hospital and HealthAlliance in Kingston Face Crippling Cyberattack
Hospitals and the healthcare industry in general are often ideal targets for cybercriminals. Uptime is extremely important to a hospital, and criminals know this; they know if they infect a healthcare provider with ransomware, the victim will likely pay the ransom just to go back to normal. Beyond that, medical records and other sensitive information are considered high-value, even when compared to stealing financial information like credit card numbers. This is partially why the healthcare industry has such strict regulatory compliance standards.
Even with all the right precautions and security preventions in place, no organization is ever 100% immune from cybersecurity attacks, and the two Hudson Valley healthcare organizations had to shut down the IT systems of three facilities on Friday in order to mitigate the attack.
While the two hospitals remained open over the weekend, ambulance services had to be diverted and some patients had to be shuffled around to other facilities. Mountainside Residential Care Center, a nursing facility, was also affected by the cyberattack, but according to representatives there was no disruption to services.
In fact, this cybersecurity incident had been affecting the healthcare organization even longer, as for the past week, Emergency Services within Ulster County had been diverting patients as early as last Sunday, the 15th. While there wasn’t an official statement until Tuesday, it’s likely that both hospitals were dealing with the attack for several days.
This paints a picture of just how incredibly disruptive these types of attacks can be. Any organization can easily be crippled by an attack, and the struggle to get back to normal is extremely expensive, stressful, and can damage your reputation. We truly hope the best for WAMC Health in Margaretville and HealthAlliance in Kingston.
Jake 58 Casino in Islandia, Suffolk County Had to Close for Several Days Due to a Cyberattack
In what looks to be a completely unrelated attack, the New York State Gaming Commission confirmed that the central server that controls the state’s slot machine parlors was impacted by a cybersecurity attack.
This happened on Tuesday, October 17th. New York’s official video lottery system is used all over the state, using a sort of lottery-style method for payouts. The system calculates whether a spin wins or loses based on how many people are playing it, sort of like the New York State lottery. This centralized system was hit with a cybersecurity attack and brought offline for several days, so organizations that rely on it, like Jake 58 Casino, which has over a thousand of these machines, had no other choice but to close down during the duration.
This obviously wasn’t the casino’s fault—in essence, their vendor was hit with an attack, and Jake 58 had to make the hard choice to close temporarily. This could happen to any business that relies on a third-party service or product or goods. A deli could face a loss if their cold cut provider couldn’t supply them with meat, for example.
Fortunately, it sounds like no personal information was stolen. Just about a month ago, a cybercriminal organization managed to steal six terabytes of data from a chain of Las Vegas casinos
Cybersecurity Needs to be a Priority
We’re not saying that Margaretville Hospital, HealthAlliance, and the New York State Gaming Commission are at fault for allowing cyberthreats to penetrate their network—they are certainly victims here. These attacks, however, cause widespread disruption, hurt the reputation of the attacked organizations, and can cost a lot of time and money to circumvent.
As mentioned, you can be doing everything you possibly should be doing and still manage to be the victim in an attack like this, it’s just much more rare. Every single employee, every single endpoint, every device on your network are all potential weaknesses that could accidentally allow a data breach or ransomware or some other type of attack. That’s why it takes a multi-tiered approach to protect your organization.
It doesn’t matter how big or how small you are either—to a cybercriminal, that doesn’t matter. Your organization likely has enough value to make it worth the effort, whether it be a few thousand dollars to pay a ransom, or a database of customers to sift through and sell.
At Directive, we bake cybersecurity into everything we do, and we can help your organization meet regulatory requirements, secure your network, and even help educate your staff to prevent social engineering attacks like phishing.
This isn’t something you want to deal with retroactively. To get started, give us a call at 607.433.2200 to set up a consultation.