Cyberattack shuts down Windsor Hospitals

[Margaret's boy]

Has this ever happened in Michigan? Windsor hospital sending cancer patients out of town after cyberattack | Windsor Star

[Lowell]

I recall it happening here but can't recall which medical institution. For every attack made know I'd bet there are two or more get hushed. Most attacks, like the one you cite, are ransomware attacks that lock up data. The institutions pay the ransom in cryptocurrency and life quietly goes on.

Legally, I'd think victims would be required to alert affected customers their their data has been compromised. This happened recently to my wife with her dental service. This is usually accompanied, as was in this case too, an offer for two years of free credit and data monitoring. But then that requires surrendering a bunch of personal data to the those watchdogs.

[Jimaz]

I recall it happening here but can't recall which medical institution. For every attack made know I'd bet there are two or more get hushed....

Here's a recent one: McLaren ransomware attack may have leaked patient data to dark web.

McLaren Health Care acknowledged this week that the ransomware attack that took down the computer network at its 14 Michigan hospitals in late August and early September also could have leaked some patient data onto the dark web.

A ransomware gang known as BlackCat/AlphV claimed responsibility for the cyberattack late last week, posting online that it stole 6 terabytes of McLaren's data, including the personal information of 2.5 million patients....

I love documentaries about white hats going after the culprits. Unfortunately, the most successful black hats will always get away with it. The best strategy is maintaining a strong defense {backups, firewall, etc.}.

[Rocket]

The best strategy is maintaining a strong defense {backups, firewall, etc.}.

And as a patient, don't go to doctors that put your info on the internet in the first place. I found one that still uses paper files.

[JBMcB]

Computer safety tips:

1. Don't use Facebook or Google as a single-sign-on for other web sites
2. Use different logins and passwords for every web site
3. Use your browser's built-in password manager to keep track of these web sites. Better yet, let it generate passwords for you
4. Keep work stuff and personal stuff separate. I have a work laptop I *only* use for work. No Youtube, no Facebook, *just* work.
5. Use an ad blocker. A *lot* of malicious software comes from bad code injected into ads.
6. Never click on a link in an email, unless you are currently going through a sign-on procedure, or password reset, or something along those lines. If your bank sends you a link to do something, open the bank's web page manually and log in from there.
7. Enable two-factor authentication for your most important accounts - email, banking, insurance, etc... Use an authenticator app or have them text you a code. Also, make sure you have a backup authentication scheme, either a second phone or another computer authorized to log in.

The overall goal isn't to make your accounts perfectly safe, but difficult enough that a criminal will move on to the next easier target. Kind of like putting a "Protected by Guardian" sign in front of your house. Security systems can be bypassed, but most criminals will just move on to the next house.

[stasu1213]

It's one thing to cyber attack hospitals to steal information. It's another thing to cyberattack a hospital causing it to shut down