Missouri's Capital Region Medical Center slammed by cyberattack

December 28, 2021
by Thomas Dworetzky, Contributing Reporter
Capital Region Medical Center was hit by a brutal cyberattack Friday, December 17, it reported on its Facebook page. The breach was uncovered early Friday, at which point the center took down its network, began to investigate the disruption and took emergency measures.

"While our information security team is working diligently to bring our systems back online as quickly, and securely, as possible, nothing is more important to us than the health and safety of our patients and continuing to provide the care our patients expect," stated Lindsay Huhman, CRMC director of marketing and communications, according to a December 23 News Tribune report.

"There are downtime procedures in place for physicians, nurses and staff to provide care in these types of situations, and our staff is committed to doing everything they can to mitigate disruption and provide uninterrupted care to our patients,” Huhman noted, according to the paper.

Its systems and website appeared to still be offline as of early December 27, said a person answering the center's telephone when HCB News reached out for an update.

It is particularly harmful that hospitals, like CRMC, are under attack in the midst of the latest Covid surge. In fact, according to Fox2Now, Missouri has had a “massive jump in newly recorded COVID-19 cases” as the omicron variant has spread through the state.

In November, a new report showed just how prevalent cyberattacks against healthcare providers have become. The report, by data security firm Medigate and cloud-based protection provider CrowdStrike, found that in the prior 18 months 82% of healthcare providers suffered an IoT cyberattack — and 34% of them were hit with ransomware.

There is no easy way around such demands, according to the findings in the study, titled "Healthcare IoT Security Operations Maturity – A Rationalized Approach to a New Normal.” Fully 33% paid the ransom, but only 69% of those reported that doing so led to the full restoration of their data.

"Healthcare now understands the reality of the threat and is doing something about it. And that's a good thing. But when faced with all the advanced options promoting layered defense capabilities, we thought it was time to detail a more simplified approach. HDOs require a unified security approach to defend against evolving threat landscapes,” said Jonathan Langer, co-founder and CEO of Medigate, in a statement.

And a study by the American Hospital Association, "Ransomware Attacks on Hospitals have Changed," reported that such attacks are now even causing threats to the lives of patients.

"Hospital leaders can take a more direct role in strengthening the sector's cyber defenses by participating in and promoting public-private partnerships and other collaborative efforts," the report advised.

According to the Tribune, the AHA also depicted the growing size of the threat. "More than 600 U.S. health care organizations and more than 18 million patient records were affected in 2020 alone at an estimated cost of nearly $21 billion," according to the publication.

Cybercrime in the future is likely to bet more sophisticated and difficult to stop. In a study reported by HCB News December 23rd, AI models and human radiologists were easily fooled by hacks that manipulated images.

University of Pittsburgh researchers, reporting in Nature Communications, simulated an attack that falsified mammogram images, which succeeded in fooling AI models almost 70% of the time and human radiologists from 29% and 71%, depending on the individual.

“What we want to show with this study is that this type of attack is possible, and it could lead AI models to make the wrong diagnosis — which is a big patient safety issue. By understanding how AI models behave under adversarial attacks in medical contexts, we can start thinking about ways to make these models safer and more robust,” said senior author Shandong Wu, associate professor of radiology, biomedical informatics and bioengineering at Pitt, in a statement.