Fraud Management & Cybercrime , Healthcare , Industry Specific
ISMG Editors: Hospitals, Patients Suffer Relentless Attacks
Also: Innovation Amid Israel-Hamas War; Future of Gen AI and Industrial Automation Anna Delaney (annamadeline) • November 17, 2023In the latest weekly update, editors at Information Security Media Group discuss innovation in the Israel-Hamas war, how an increasing number of healthcare providers in the U.S. and Canada have recently had to transfer patients to nearby facilities as a result of cyberattacks, and the future of AI and industrial automation.
See Also: Corelight's Brian Dye on NDR's Role in Defeating Ransomware
The panelists - Anna Delaney, director of productions; Tom Field, senior vice president, editorial; Marianne Kolbasuk McGee, executive editor, HealthcareInfoSecurity; and Michael Novinson, managing editor, business - discussed:
- How a growing number of regional healthcare providers in the United States and Canada have recently been forced to shift patients to neighboring facilities because of highly disruptive ransomware attacks;
- Takeaways from an interview with Ami Daniel, CEO of Windward, on resilience and innovation during the Israel-Hamas war;
- Highlights from the Rockwell Automation Fair, including predictions on how generative AI will shape the future of industrial automation software development and user experiences.
The ISMG Editors' Panel runs weekly. Don't miss our previous installments, including the Nov. 3 edition on the record surge in ransomware and the Nov. 10 edition on the latest updates in AI tech and regulations.
Transcript
This transcript has been edited for refined for clarity.
Anna Delaney: Hello, and welcome to the ISMG Editors' Panel. I'm Anna Delaney, and here we share the top cybersecurity news cybercrime trends and tech innovations on a weekly basis. I'm very pleased to be doing so with Tom Dield, senior vice president of editorial, Marianne Kolbasuk McGee, executive editor of HealthcareInfoSecurity, and Michael Novinson, managing editor of ISMG business. Great to see you all. Tom, start us off this week. So you've been interviewing more Israeli tech founders and CEOs as part of the series that you're conducting - "Insights from Israel." Each interview, I must say, is as inspiring as the other and also jaw dropping in terms of what they and their teams and their families are going through right now. So why don't you share insights from your latest conversation?
Tom Field: I will and honestly I didn't intend to do that for three meetings in a row here. But the interview I conducted last week with the gentleman I'm going to share was so compelling when I asked him about how things had changed since October 8, that I wanted to share this with you and with the broader audience here as well. And what I learned from every one of these discussions, and I can ask the same questions, but the answers are so unique. And the message is that war disrupts lives. From disruption, comes resiliency, but also can come innovation. And innovation is what sustains us going forward. And so what I want to share today, it's a longer clip, but I think it's a worthwhile one, because it shows how in the shadow of these terrorist attacks, our source here, in his company, were able to innovate in a way that saved lives, changed business, and let me underscore saved lives. So mind if I share a clip from my discussion with Ami Daniel, he is the CEO of Windward.
Ami Daniel: I woke up with my wife, my kids from a siren 6:32 a.m., Saturday, a month ago. And my wife told me instantaneously, Ami, it's like the Yom Kippur War, which was 50 years to the Yom Kippur War. I don't know how she knew it. But she knew. It took me about 25 minutes to wrap my head around what she's saying. And I said, okay, listen, let's think about what we could do. So we ended up writing a lot of WhatsApp messages to friends and like to group saying, how can we help? And this guy came back to me and said, talk to my lawyer. I was like okay, that ain't a bad thing, but maybe we can help him. And for the first time, I think in my life, out of my own will, I call a lawyer and say, hey, what's up? How can I help? And he said, listen, my daughter right now is locked in and she ran from this party and there are terrorists around her, can you help her? I was like, excuse me? Can you say that again? He says, yes, my daughter ran from a party. Her boyfriend got shot. She's like locked out somewhere, can you help her? I said, listen, and let me try. And I WhatsApp his daughter - listen, your dad said this. She says, Ami, help me. There are terrorists here, my boyfriend got shot, his friend got shot, we're surrounded by bodies and there are terrorists out here. Just help me get out of here. And normal people would have said, maybe sorry, can't do it. I said, on it. I just said on it. So I turn to my wife. She said, why you don't call this friend of ours, which is general and I call him and he says, listen, I have this lady locked in. Can you help and he says here's a guy, call him. So I ended up working with the army and finding hostages in the field, in different kibbutz or cities. And at the same time finding the army people and the forces on the ground and connecting between them one by one, and directing the army forces to where there are hostages. And the same time supporting mentally to hostages and saying listen, the Army is coming and you're five minutes away, where are you and so forth. So doing that Saturday, we ended up saving dozens of families this way, including that lady by the way. Sunday morning, I woke up and I said we're all done and went to sleep like 3 a.m., when I finished like multiple of these cases. And my wife turned to me and says, what do we do now? I said, back to normal, and we get a flood of like hundreds of people writing me WhatsApp messages and to my friends - get us out, get us out, get us out, the terrorists are here. So we ended up calling a few of our friends. And suddenly like by 10 a.m., on Sunday, we had about 20 people in our house. My kids were printing maps, connecting screens, people were coming in getting assignments from us and getting people out. And by Monday, we understood its national need. So we ended up building a national product - tech product - for saving people under the fire called Kvar Baim, which means we'll be right there. So we scaled that product together, with all the authorities, and it's right now national, fully operational care product that already saved hundreds of people.
Field: To say, this is why I do this work, this is why I conduct these interviews, to be able to share stories like that. I just find that incredibly inspiring.
Delaney: Incredible innovation. Stressful, heartbreaking time. And what I found quite moving is this drive - this community drive - the determination to help each other and even his own children volunteering in the rescue effort. So as you say, it's very inspiring.
Field: I come out of with the drive that next time I'm in any kind of a crisis or someone that I know is, I hope I had the presence to respond to it with "on it."
Delaney: Very compelling interview. Thank you, Tom, for sharing. Marianne, moving on to your story. So a growing number of regional healthcare providers in the U.S. and Canada have recently been forced to move patients to neighboring entities due to cybersecurity incidents. So talk to us about this troubling trend.
Marianne McGee: Sure, the trend isn't new, but because there has been a flurry of these sort of regional attacks in recent weeks, it's just drawing more attention to this problem again. And basically, there's been a number of cyberattacks recently on regional hospitals that have forced these hospitals to basically move patients or divert patients to other neighboring facilities. And one of the latest entities that recently suffered a ransomware attack where it's caused them to divert ambulances and patients is Tri-City Medical Center, which is an acute care public health hospital with 144 beds that serves four communities in San Diego, California. That hospital is dealing with the situation right now. But it's not just a U.S. problem, as you mentioned. In Canada, there's been five regional hospitals in recent weeks that were affected by a ransomware attack on their shared IT services provider. And those hospitals said that despite this attack happening in October, they don't expect to have a full recovery until at least mid-December, during which time they are still being forced to either postpone or cancel various patient procedures, and in many cases, diverting those patients to other area facilities because doctors just can't access the records that they need to provide safe care to those patients. So when a regional hospital suffers a disruptive attack like these, the incidents have a widespread negative impact on the new neighboring hospitals that are all of a sudden picking up the slack. For instance, the added hospital patient loads for these nearby facilities puts a lot of extra stress on the entities, their staff and ultimately affects patients. Now, in May, The Journal of American Medical Association or JAMA, published a report finding that hospitals adjacent to healthcare delivery organizations that are affected by ransomware attacks often see increases in the volume of patients that they serve and may as a result experience resource constraints that affect time sensitive care for conditions such as strokes. The author has said that the study finds that the targeted hospitals, which then send their patients off to the other hospitals, should be looking at this as a community as a regional sort of disaster and to plan for such. The authors said that the report's findings support the need for coordinated regional cyber disaster planning. And the study also says that the potential care of patients from these cyberattacks also just emphasizes that need for hospitals to build resiliency for not only cyberattacks, such as ransomware, at their own organizations, but their plans for dealing with such incidents at neighboring facilities. A separate study also earlier this year by the Parliament Institute found that patient care diversions due to ransomware attacks are on the rise. That survey of nearly 600 healthcare technology and security leaders found that respondents who reported that their entities did experience a ransomware attack in the last year. Of those 70% said their organizations had to either divert or transfer patients to other facilities, which was up from 65% the year before. Now I spoke with Josh Corman who served as chief strategist at CISA, on the agency's COVID Task Force during the height of the pandemic. And he tells me that these studies are just more proof that hospitals need to carefully hone not only their own incident response plans, but that for the community. Corman said that hospitals' Cyber Incident Response Plans overrule or often poorly rehearsed, and especially not at all well-rehearsed for regional outages. And Corman says that there needs to be a change in this sort of mindset, not only for the sake of patients, but also for the sake of the medical institutions themselves. And they're overworked clinicians who face added stress and burnout in these incidents. And that's when mistakes happen. So it's very important that these hospitals not only look at their own response plans, but what happens if one of their neighboring hospitals also suffers an attack, which is happening more and more often, it seems.
Delaney: And from your perspective, Marianne, is this a resource issue or just management/governance issue? Where does the heart of this problem lie?
McGee: Yeah, I think a lot of it sort of was during the pandemic, for instance that was like, the worst possible time to have a ransomware attack or something like this, but even post that time where you have an overstressed healthcare system often, also when it comes to the regional hospitals you may be in a region, like San Diego, that's highly populated area, and okay, for communities, their one main hospital is not operating, but there's other hospitals to go to, but in some communities, the next hospital might be maybe a few hours away, if it's a trauma hospital or something like that. And those hospitals are at distance, but they also need to be ready to take in patients as if it was some sort of other kind of crisis. But when it comes to the more compact cities that have hospitals that suffered these attacks on again, there's all sorts of clinical shortages, in terms of specialty providers, and your workers and other physicians that treat patients for special ailments or cancer, and when you're the those patients that are used to getting their care there or suddenly forced to go elsewhere, not only is it an overburdening of that other crew, they also then need to be able to try to access the records of these patients, which are often inaccessible to them too if they're on a network where these records are stored and that entity is now offline. So it's not just something in your own backyard. It's wider spread when a hospital has an incident like this where you're forcing patients to go elsewhere.
Delaney: Massive challenge. Thank you, Marianne. Michael, you attended the Rockwell Automation Fair last week. What are your overall impressions of the event? Any trends/takeaways you can share?
Michael Novinson: Absolutely. Anna, thank you for the opportunity. Rockwall has such a broad scope of areas where they focus in terms of manufacturing chemicals, oil and gas, and food and beverage. But I'm going to double click on two areas that I think would be most relevant to our readership. First is the investments they've made in cybersecurity. And then second is the investments they've made around artificial intelligence. I'll start with the cybersecurity piece first here, and there is a talk during their keynote addresses about specifically around cyber risk as it relates to external hard drive, as well as the targeting of programmable logic controllers, or PLCs. So starting first with the external hard drives, this is a big challenge when it comes to industrial facilities, such as wastewater treatment plants, because they're small, they're easy to conceal, and they look like a normal device. So you're seeing a combination here of the physical and the cyber. So you could have a phony inspector or somebody who pretends to be on the grounds of a wastewater treatment facility for legitimate reasons, enter in and then use a Raspberry Pi computer, in fact, infested with malware, put it on an external hard drive and then get into the organization systems in that manner. And if there wasn't adequate controls in place, this would allow the phony inspector to walk out of the facility with valuable internal proprietary information in terms of what they're doing. In a similar vein, insider attacks also can be a challenge when it comes to external hard drives or other attack vectors, given that they do have the right credentials. And are the folks that Rockwell emphasizing the need for multiple layers of protection, regardless of credentials to make sure that there are checks and invalidation required, regardless of who somebody is purporting to be. In a similar vein in terms of programmable logic controllers. And this would be an escalation if that wastewater treatment plant was able to prevent the spread of malware through an external hard drive, what they can do is go after that PLC, which is an industrial computer that is used at wastewater treatment facilities to automate processes. And a successful attack against the PLC could, for instance, allow a threat actor to change the chemicals that are flowing through a water treatment facility. The folks at Rockwell were talking about the need for advanced planning here, the need for protections like vulnerability management, as well as greater management and monitoring around the PLC itself. So that's where they're doing a lot of investments, they are focused on that whole cybersecurity lifecycle all the way, from upfront consulting to IR and remediation services. These are some of the emerging cyberthreats they see for industrial facilities. At the generative AI front, there's a couple areas where they're using generative AI internally, specifically, they're doing a lot around code samples, they're doing a lot around Q&As. And then they're focusing on personalization and customization. And the reason that Rockwell has been able to do so much in the generative AI front is that the tax bases in modern software development can be either a generative AI tool is able to read produce and generate text. So terms of from a code snippet standpoint that they built into their design studio product, which is focused on industrial design, this idea of smart creation are using generative AI to create snippets of code within the software. And this allows for some upskilling, allows less experienced designers and programmers to gain the knowledge and the best practices of their most skilled people. It also can help folks get started. They are talking some about this idea of coder's block that these programmers have a problem to solve, but they don't know where to get started. So their feeling was these code snippets can help there. Secondary is around this generative, or general Q&A tool that can help answer common questions from users of their design studio product ... questions like what is this Smart Object? Or how do you create a new Smart Object? And, again, benefits here around that natural language processing that you don't need to know exact search terms. You don't need to be a sophisticated coder to get this information. The queries come back in human readable text. And so that's something that they feel can be broadly applied across their customer base. Finally here, what they're focused on in the go-forward is moving from kind of generating these snippets of sample code to being able to produce code based on the project content or the libraries of a particular customer. And what the folks at Rockwell were saying is once they've trained their products on how to work more effectively with the LLM that they've generated, that customers will be able to use their own libraries and generate code from there. So those are some of that highlights on from both cyber side and the AI side and they're also doing a lot of work with Microsoft. On that AI-side, they're working with Azure's OpenAI to do that. So it's going to be a fascinating space to watch.
Delaney: Brilliant, and were there any startup speakers or particular presentations that you watched?
Novinson: Yeah. So I did particularly enjoy the Judson Althoff who was the chief commercial officer at Microsoft there; he was talking about some of the ways that they've applied generative AI internally within Microsoft and any talk through their staged approach in terms of internal use for employees, how they've extended it to partners like Rockwell, and then what's on the road map in terms of what they're planning to do for customers. So it was interesting to see just how much has changed at Microsoft over the past year. One example I'll give you in terms of the customer support organization that likes a lot of organizations, they've been trying to do some belt tightening, though the economy is in great high interest rates, that they've been able to reduce the amount of personnel and their customer support organization by close to 80% by answering those basic level queries with it application of generative AI, and at the same time, they're receiving higher customer satisfaction and feedback responses than when it was done more manually. So just being 40,000 person organization within Microsoft, not small, but just one example of the potential that generative AI has to offer.
Delaney: It's incredible. Well, thank you very much, Michael. And finally, and just for fun, what's the most groan-worthy cybersecurity AI pun or maybe cliché that you've recently heard?
Field: Before we get there, I want to take the opportunity to announce to our audience that we have just debuted our own AI site under the ISMG umbrella. AIToday.io. I say that I think it's Old MacDonald had a farm. AIToday.io. Please go there. If you're looking for technology, if you're looking for use cases, if you're looking for insights on what organizations are doing to embrace the types of technologies that Michael is talking about, if you're looking to learn more about the business of AI, AIToday.io is the place to go. So that's the plug I want to put out there first, Anna. Then I want to get to the groan, and to me, the groan-worthy term is this - guardrails. I am sick of hearing everyone say we've got to have guardrails around our usage of AI. I've driven for much of my life. And I have seen guardrails in many places, and I always see them dented. I always see them wrecked, I see where vehicles have gone through them. The guardrails aren't necessarily preventing accidents. They're just showing you the trajectory of the accident. So I like to hear us not talk about guardrails anymore.
Delaney: Very good! Okay to talk about regulation?
Field: If you have the visual image, then Marianne may.
McGee: On my mind is more along the lines of breaches, it's not a matter of if, it's when. And you hear this all the time, but it's true. As cliché as it is, it's pretty much true.
Delaney: Yeah, that's a cliché I hear quite often, but as you say, there's a reason for it. Michael?
Novinson: I'm not necessarily going give you a slogan but I think a lot of the examples I've seen are focused on the novelty and it's silly like I've just been to a lot of trade shows and stuff where they have it write a poem about the company or sing a song or just do kind of novel fun stuff that people are doing with relaxes a couple years ago and I think it gets people in the wrong frame of mind that this is essentially not a joke, but just something that's meant to generate laughs But this is an incredible business opportunity tool, without nowadays like demonstrate the internet by like having it show us gifts. So I think trying to move away from having to like, produce songs and poems for us and, it's a business trade shows focusing on business use cases will help us up level the conversation a little bit.
Field:: Yeah. AI-AI-O!
Delaney: The gimmicks, for sure. Trusted partner always makes me laugh. And also humans are the weakest link. I've got to say that, it often comes up as part of this lazy blame game, I think. But three years this month, November 2020, your former president before the presidential election, he stated nobody gets hacked, which I thought was quite fun one. Remember that? To get hacked you need somebody with 197 IQ, and he needs about 15% of your password. Just thought I'll throw that gem in.
Delaney: Thank you very much, all of you. This has been great fun and very informative.
Field: Thanks for having us over.
McGee: Thanks, Anna.
Delaney: Thanks so much for watching. Until next time!