Ransomware Kills: An insider look at the tragic effects of ransomware attacks
Cyber incidents kill. They killed before. They will kill again
Ransomware attacks have taken a deadly turn. Hackers have become more organized and sophisticated leading to the first ransomware-related death in September 2019. These threats continue to escalate, making healthcare systems, government operations, and other life-depending organizations prime targets for cybercriminals. However it is no longer just about financial gains, these organizations, when attacked and compromised, threaten lives.
In September 2019, the first ransomware-resulted death occurred at Springhill Medical Center in Alabama. The Wall Street Journal reported on the lawsuit filed by Teiranni Kidd, which will go to court in November 2022. In the article “A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death” by Kevin Poulsen, Robert McMillan, and Melanie Evans, it was reported that Ms. Kidd was checked in to the hospital in the middle of a ransomware attack. The attack blocked off all medical records along with vital monitors used to track patients’ vitals. Ms. Kidd’s baby was born with the umbilical cord wrapped around her neck, causing brain damage that, nine months later, killed her.
The hospital’s lack of response to the ransomware attack, along with their refusal to tell their patients, and the public at first, what was really going on all begs the question: was Nicko Silar’s death preventable?
First reported to The Wall Street Journal, Joshua Corman, senior adviser for the Cybersecurity and Infrastructure Security Agency (CISA), which is part of the Department of Homeland Security, found evidence that ransomware can lead to dire consequences for hospitals. “We can see that a cyberattack can strain you enough to contribute to excess deaths,” Corman concluded. Had the ransomware attack been paid off, or had the hospital had proper security measures to defend against such attacks, there is a significant chance Nicko Silar could have been saved.
With the rise in such deadly ransomware attacks, insiders have been invited to address Data Connectors’ attendees on their takeaways and best practices in this new threat landscape. One of those experts is Menny Barzilay, CEO at Cytactic. Barzilay addressed the New England Virtual Cybersecurity audience this past August with his Keynote presentation, “Cyber incidents kill. They have killed before. They will kill again.” He discussed how life-threatening cyberthreats should be incorporated into the risk management process in a way that would allow security experts and decision-makers to identify and tackle such threats effectively. He also encouraged attendees to understand why the cyber industry must adopt the right mindset when human lives are at stake and incorporate this notion into their standards, policies, and methodologies.
“Cyber incidents have already cost human lives in the past. And they will soon again. Yet, most cyber professionals haven’t yet fully embraced their responsibility to protect human lives.” he said. “A tectonic shift in the cyber industry is about to happen,” he added.
Menny Barzilay writes on all cybersecurity topics like ransomware in his blog “THINK: CYBER.”
In his blog article “Cyber Kills,” Barzilay lays out the numerous ways in which cyberattacks, especially ransomware, can destroy lives. The most terrifying include, “After an attack on emergency call systems (like 911 in the US) we’ll hear about people getting killed because the emergency responder was not available in time, and after an incident in which pictures will be leaked, we’ll hear about people committing suicide.”
In the same vein, Jaycee Roth, Associate Managing Director of Cyber Risk at Kroll, will present “From the Ransomware Frontlines: R-Rated Takeaways” at the upcoming Canada West Virtual Cybersecurity Summit. With the same warnings as Barzilay, Roth will address encryption, exfiltration, and the rise of the triple extortion and what it means for organizations. She will also instruct which steps precede ransomware detonation along with effective precursors to monitor for and how to act before detonation. These precautions will aim to stop such devastating attacks.
Ransomware attacks have significantly escalated over the last few years. This escalation now impacts lives ranging from exploitation to life-threatening interruptions. For more resources on ransomware, be sure to check out our news page for the latest in cybersecurity news. You can also attend one of the upcoming virtual summits and conferences where ransomware will continue to be a recurring topic among the community.