Just what would have filled our media pages and hours in 2020 if COVID-19 and our presidential elections hadn’t provided multiple stories each day?
Just what have we missed? Coverage of events that would have happened without COVID–rodeos, festivals, fairs, conferences, and sports events, including the summer Olympics themselves. Space launches. (Launching of the Mars Rover and Space X’s delivery of new crew members to the International Space Station were great news, but a lot more happened this year.) Trade wars. Recovering animal species.
But the topic that would have filled pages and minutes week after week of 2020 would have been–drum roll, please–cyber hacking and ransomware.
Where did I get such an idea? Look at these headlines: “Top Cyber Security Experts Report: 4,000 Cyber Attacks a Day Since COVID-19 Pandemic” (MonsterCloud, Aug. 11) and “Every Patient Medical Record Has Already Been Hacked And HIPAA Can’t Help You” (Edward Bukstel blog, Jan. 6).
And check these statistics: the FBI reported that cases increased from 1,000 to 4,000 a day this spring; Microsoft reported that attacks involving “phishing or social engineering” have increased from 20,000 to 30,000; and Monsterware reported that ransomware attacks were up 800%.
Plus there are clever, malicious villains with names like Evil Corp, the MAZE gang, Cozy Bear (aka APT29) and Fancy Bear (both Russian government), and the 100,000-member cyber-Unit 61398 (Chinese government).
The backstory is that hackers started serious blackmailing of major companies in 2011. Little made the news though; the damage in public confidence was seen as harmful to both the company and the general economy.
Prior to the 2016 election hackers broke into computers of the National Democratic Party and several state election systems. In 2017 hackers broke into the system of Equifax and got birth dates, social security numbers, addresses, and financial information on 143 million Americans. By this time, every email address in America was receiving attempts to get that same information–plus money.
Recently, hospital systems have been heavily targeted. Nine were attacked during the three weeks prior to our Nov. 3 election. One system, Universal Health Services, operates 250 facilities.
One set of conspirators–known as Wizard Spider or UNC1878–is believed responsible for all nine of those attacks and, perhaps, 75% of all cyber attacks on hospitals.
Attacks use software, usually Ryuk, to encrypt data so that it is not readable. Even though a system has backed up its data, all its computers are infected and unusable. It is forced to rely on paper-based communications. Results of scans and tests must be hand carried or FAXed. Some systems have practiced this, but it is time consuming and increases stress levels.
Encryption data can be uploaded to systems weeks before being activated. Apparently, hackers waited for the recent spike in coronavirus cases.
Hospitals are prime targets. Lives are at stake. Systems are vulnerable because of the number of associates who have access to the system, e.g.accounting firms, consultants, medical transcriptionists, venters, etc. Records on patients include a lot of data not available elsewhere so it is worth top dollar on the “darknet.’ And threatening to publish select information–perhaps emails concerning lawsuits?–increases the pressure to pay ransom.
Ransom costs are in the millions. The FBI has distributed security information and asked companies not to pay, but so far there seems no other way to deal with an infected system.
Okay, major criminal activity isn’t uplifting or inspiring. Yet, ransomware seems to be one issue that Americans aren’t divided on. With the election over, maybe we’ll find more issues like this.