“In wartime, a red cross on a hospital’s roof protects it from bombing. But in cyberwar, there’s no convention to protect hospitals,” says Professor Dr. Harald Dormann, Head Emergency Room Physician at Germany’s Klinikum Fürth hospital. With thousands of networked computers and medical devices crucial to patient care, Klinikum Fürth’s quick thinking turned a malware attack into an unlucky day for cybercriminals.
Tomorrow Unlocked’s video, Malware: A New Virus in the Hospital, tracks how Klinikum Fürth’s actions stopped the ransomware attack in its tracks and likely saved lives.
How do cybercriminals use malware against hospitals?
The first hint of an attack was when Klinikum Fürth’s IT support team started receiving strange emails from users – a hallmark of the dangerously effective malware Emotet.
Emotet spreads by using past emails in Microsoft Outlook to create new emails, with results from convincing to bizarre.
Emotet also uses Wi-Fi networks to spread. If infected, a wirelessly connected device scans nearby networks and infects other devices using a password list.
Klinikum Fürth found 65 systems infected with computer viruses and malware. Thanks to acting fast, they isolated the malware before it encrypted data and held it for ransom – usually the Emotet attack’s goal.
Malware is common. From March to June 2021, Kaspersky software blocked 1.7 billion malware attacks. It’s also becoming more dangerous, with cybercriminals using particularly damaging malware like Emotet for fraud and ransomware attacks.
The hospital’s surgical cyberdefense
Professor Dr. Dormann recounts how hospital staff stepped up when they learned of the cyberattack. “When our CEO told us what had happened, some were nervous. Some were pale. But all were motivated to act.”
First, they began diverting new patients to nearby hospitals. Then they disconnected the hospital from the internet to reduce the risk of infecting other institutions. They put together taskforces of clinicians, administrators and IT staff to analyze the problem. Then, prioritizing the most critical medical devices, they checked for malfunctions. Extra staff were brought in to help switch to paper-based working.
How to stop and prevent malware attacks
Klinikum Fürth’s story offers many lessons. Their fast response shows why organizations should plan what they’ll do if attacked.
Cybersecurity education can help staff get wiser to threats like Emotet’s use of spoofed emails. Strong passwords help defend against malware that uses Wi-Fi networks to spread. Read more about how to prevent and reduce the impact of ransomware attacks.