Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    Tesla Readies a Taxi Service in San Francisco—but Not With Robotaxis

    July 29, 2025

    Exclusive LegalZoom Promo Code for 10% Off Services

    July 29, 2025

    Top LG Promo Codes for July 2025

    July 29, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Red Tape Is Making Hospital Ransomware Attacks Worse
    Security

    Red Tape Is Making Hospital Ransomware Attacks Worse

    News RoomBy News RoomJune 25, 20244 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    “I can tell you with complete confidence that ransomware attacks harm patients,” says Hannah Neprash, an associate professor of health policy at the University of Minnesota, who has researched the impact of ransomware attacks on US hospitals and concluded they result in higher mortality rates. “If you are a patient who has the misfortune to be admitted to a hospital when that hospital goes through a ransomware attack, the likelihood that you’re going to walk out the doors goes down,” Neprash says. “The longer the disruption, the worse the health outcomes.”

    In the hours and days immediately after ransomware attacks, it’s common for companies who have software connected to the targeted organization to pull their services. This can include everything from disconnecting medical records to refusing to email a cyberattack victim. This is where so-called assurance letters come in.

    “We’ve really seen the demand for these letters increase over the past few years as breaches have become much more litigious—from class actions lawyers chasing settlements to lawsuits between businesses,” says Chris Cwalina, the global head of cybersecurity and privacy at law firm Norton Rose Fulbright.

    Cwalina says he is unsure where and when the practice of sending assurance letters started but says it is likely it began with lawyers or security professionals who misunderstood legal requirements or the risks they are trying to prevent. “There is no legal requirement to request or obtain an attestation before systems can be reconnected,” Cwalina says.

    These assurance and attestation letters are often compiled with the support of specialist cybersecurity companies that are employed to respond to incidents. What can be reconnected and when will vary depending on the specific details of each attack.

    But much of the decisionmaking comes down to risk—or at least perceived risk. Charles Carmakal, the chief technology officer of Google-owned cybersecurity firm Mandiant, says companies will be worried that cybercriminals could move “laterally” between the victim and their systems. Companies want to know a system is clean and the attackers have been removed from the systems, Carmakal says.

    “I understand the rationale behind the assurance process. What I would say is that people do need to really consider what is the risk associated with the level of connectivity between two parties, and sometimes people tend to default to the most restrictive path,” Carmakal says. For instance, it is rare that Mandiant sees wormable ransomware moving from one victim to another, he says.

    “Vendors were interested to know that independent, outside cybersecurity experts were engaged with Scripps technical teams and verification that malware was contained and remediated with reasonable best efforts,” Thielman, the CIO of Scripps Heath, says. For Ascension, Fitzpatrick says, the company also held one-on-one calls with vendors and hosted eight webinars where it provided updates. It has also shared indicators of compromise—the traces left by attackers in its systems—with health organizations and the US Cybersecurity and Infrastructure Security Agency (CISA).

    Third-Party Doctrine

    Cybercriminals have become more brazen with attacks against hospitals and medical organizations in recent years; in one case, the Lockbit ransomware gang claimed it had rules against attacking hospitals but hit more than 100. Often these sort of attacks directly impact private sector companies that provide services to public infrastructure or medical organizations.

    “If you look plausibly at the threat picture in the years ahead, disruption to public services and public activity caused by [cybercrime] activity that affects the private sector is probably something that’s going to happen more and more,” says Ciaran Martin, a professor at the University of Oxford and the former head of the UK’s National Cyber Security Centre. In these instances, Martin suggests, there may be questions around whether governments have, or need, powers to direct private firms to respond in certain ways.

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleThe Cozey Ciello XL Is a Big, Sort-of Comfy Couch
    Next Article Surface Laptop review: Microsoft’s best MacBook Air competitor yet

    Related Posts

    DHS Faces New Pressure Over DNA Taken From Immigrant Children

    July 25, 2025

    At Least 750 US Hospitals Faced Disruptions During Last Year’s CrowdStrike Outage, Study Finds

    July 24, 2025

    China’s Salt Typhoon Hackers Breached the US National Guard for Nearly a Year

    July 23, 2025

    How China’s Patriotic ‘Honkers’ Became the Nation’s Elite Cyberspies

    July 21, 2025

    Hackers Are Finding New Ways to Hide Malware in DNS Records

    July 19, 2025

    Adoption Agency Data Exposure Revealed Information About Children and Parents

    July 19, 2025
    Our Picks

    Exclusive LegalZoom Promo Code for 10% Off Services

    July 29, 2025

    Top LG Promo Codes for July 2025

    July 29, 2025

    Microsoft Edge transforms into an AI browser with new Copilot Mode

    July 28, 2025

    Women’s ‘red flag’ app Tea is a privacy nightmare

    July 28, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    Samsung’s One UI 8 might shut down bootloader unlocking on Galaxy phones

    By News RoomJuly 28, 2025

    Samsung’s One UI 8 update seems to prevent users from unlocking their device’s bootloader to…

    The controversial legal tactic The Trump Organization is using to take down fake merch

    July 28, 2025

    Sony calls Tencent game ‘slavish clone’ of Horizon in new lawsuit

    July 28, 2025

    Yet another Pixel 6A caught fire

    July 28, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.