By Paul Keely, general manager, Born in the Cloud business unit at Open Systems.
Cyberattacks are never easy. But when ransomware actors recently hit several U.S. hospitals with attacks, it was especially problematic. Anything that wipes out a hospital’s compute environment is bad because hospitals are now 100% digital. Add to that the fact that the U.S. is recording around 100,000 COVID-19 cases a day, and you’ve got a real challenge on your hands.
This Was a Large and Sophisticated Attack
There are two general types of cyberattacks. Spray-and-pray attacks don’t have a particular target. Attackers simply go into an environment and hope the worm or malware spreads. WannaCry, which crippled the U.K. National Health Service in 2017, was a spray-and-pray attack.
The recent attack on the U.S. hospitals is the second type, known as an advanced persistent threat. This kind of attack is far more sophisticated and is focused on a specific area – in this case, the American healthcare system. We haven’t heard of a similar attack in Europe.
This attack doesn’t appear to have been staged for fun by a group of guys in a college dorm room. It’s a big attack. The FBI is telling American healthcare systems to block 150 IP addresses.
The Threat Ravaged Some and Left Others Unscathed
Some of the targeted healthcare organizations were severely affected by this recent attack. The malware landed on computers and moved very rapidly to encrypt hard drives, making the IT resources of these organizations essentially useless.
At least one impacted organization may have to build and migrate everybody slowly but surely to a new Active Directory environment. That’s a doomsday scenario. Active Directory acts as the very core of an organization’s identity. Without Active Directory, an organization can’t say for sure whether its IT environment – and, thus, its organization as a whole – is safe.