How quick thinking stopped a ransomware attack from crippling a Florida hospital - CNNPolitics
'Lock it down and piss people off': How quick thinking stopped a ransomware attack from crippling a Florida hospital
Anchor Muted Background
By Sean Lyngaas, CNN
Updated 2015 GMT (0415 HKT) January 16, 2022
Here's everything you need to know about ransomware
Marjorie Taylor Greene accuses Nancy Pelosi of running 'gazpacho police'
Gunshots rang out as CNN gets first look at standoff in East Ukraine
'We're not doing a good enough job': Roger Goodell says NFL can do better with diversity
Vehicles from the protest convoy are parked blocking lanes on a road, Sunday, Jan. 30, 2022 in Ottawa. Residents of the national capital are again being told to avoid traveling downtown as a convoy of trucks and cars snarl traffic protesting government-imposed vaccine mandates and COVID-19 restrictions. (Adrian Wyld/The Canadian Press via AP)
Small group of Canadian protesters get big support from US conservatives
BEVERLY HILLS, CALIFORNIA - NOVEMBER 03: Bob Saget attends the Women's Guild Cedars-Sinai Annual Gala at The Maybourne Beverly Hills on November 03, 2021 in Beverly Hills, California. (Photo by Phillip Faraone/Getty Images)
Dr. Gupta explains what to do if you sustain a serious head injury
Snow is melting in Ukraine. That could be a problem for the Russians
Watch: McConnell breaks with the RNC over Jan. 6 insurrection
GOP lawmaker apologizes after this tense altercation over masks
Your Super Bowl party is going to cost a lot more this year
Here's everything you need to know about ransomware
Clipper system brings snow to the Midwest while California continues with heat in-store through the weekend
A pedestrian walks past a certified pre-owned car sales lot in Alhambra, California on January 12, 2022.
Annual inflation near 40-year high: Here's what got more expensive
Why Mike Pence just ruined his presidential hopes
PERRY, GA - SEPTEMBER 25: Former President Donald Trump speaks at a rally on September 25, 2021 in Perry, Georgia. Republican Senate candidate Herschel Walker, Georgia Secretary of State candidate Rep. Jody Hice (R-GA), and Georgia Lieutenant Gubernatorial candidate State Sen. Burt Jones (R-GA) also appeared as guests at the rally. (Photo by Sean Rayford/Getty Images)
Book reveals Trump staff found flushed papers in White House toilet
See Ted Cruz's big flip on Jan. 6 after McConnell's remark
Watch: Tesla in 'Autopilot' mode crashes into police car
Trump supporter participated in Jan. 6 now calls movement a 'cult'
Marjorie Taylor Greene accuses Nancy Pelosi of running 'gazpacho police'
Gunshots rang out as CNN gets first look at standoff in East Ukraine
'We're not doing a good enough job': Roger Goodell says NFL can do better with diversity
Vehicles from the protest convoy are parked blocking lanes on a road, Sunday, Jan. 30, 2022 in Ottawa. Residents of the national capital are again being told to avoid traveling downtown as a convoy of trucks and cars snarl traffic protesting government-imposed vaccine mandates and COVID-19 restrictions. (Adrian Wyld/The Canadian Press via AP)
Small group of Canadian protesters get big support from US conservatives
BEVERLY HILLS, CALIFORNIA - NOVEMBER 03: Bob Saget attends the Women's Guild Cedars-Sinai Annual Gala at The Maybourne Beverly Hills on November 03, 2021 in Beverly Hills, California. (Photo by Phillip Faraone/Getty Images)
Dr. Gupta explains what to do if you sustain a serious head injury
Snow is melting in Ukraine. That could be a problem for the Russians
Watch: McConnell breaks with the RNC over Jan. 6 insurrection
GOP lawmaker apologizes after this tense altercation over masks
Your Super Bowl party is going to cost a lot more this year
Here's everything you need to know about ransomware
Clipper system brings snow to the Midwest while California continues with heat in-store through the weekend
A pedestrian walks past a certified pre-owned car sales lot in Alhambra, California on January 12, 2022.
Annual inflation near 40-year high: Here's what got more expensive
Why Mike Pence just ruined his presidential hopes
PERRY, GA - SEPTEMBER 25: Former President Donald Trump speaks at a rally on September 25, 2021 in Perry, Georgia. Republican Senate candidate Herschel Walker, Georgia Secretary of State candidate Rep. Jody Hice (R-GA), and Georgia Lieutenant Gubernatorial candidate State Sen. Burt Jones (R-GA) also appeared as guests at the rally. (Photo by Sean Rayford/Getty Images)
Book reveals Trump staff found flushed papers in White House toilet
See Ted Cruz's big flip on Jan. 6 after McConnell's remark
Watch: Tesla in 'Autopilot' mode crashes into police car
Trump supporter participated in Jan. 6 now calls movement a 'cult'
Marjorie Taylor Greene accuses Nancy Pelosi of running 'gazpacho police'
(CNN)It was approaching midnight on Sunday and the head of IT at a Florida hospital had a problem.
The emergency room of Jackson Hospital, a 100-bed facility on Florida's panhandle, called to report that it couldn't connect to the charting system that doctors use to look up patients' medical histories. Jamie Hussey, Jackson Hospital's IT director, soon realized that the charting software, which was maintained by an outside vendor, was infected with ransomware and that he didn't have much time to keep the computer virus from spreading.
The hospital shut down its computer systems on his advice.
"If we hadn't stopped it, it probably would've spread out through the entire hospital," Hussey said. Hospital staff ditched the electronic records and reverted to pen and paper to keep the hospital running and organized, he said, but patient care wasn't disrupted.
As Hussey spoke to CNN Tuesday, the hospital's IT systems were gradually coming online, and he was expecting phone calls from the FBI (which investigates hacking incidents) and Aon, a cybersecurity consultancy that Hussey said was supporting the recovery. He was trying to figure out if the hackers had stolen any hospital data, and if they might need to be paid off to get it back.
Jamie Hussey, IT director of Florida's Jackson Hospital at work
Jamie Hussey, IT director of Florida's Jackson Hospital at work
The damage could've been far worse.
Jackson Hospital is just one of several dozen health care organizations across the US that have had to battle ransomware attacks since the coronavirus pandemic began. The disruptions have cost the sector millions of dollars and prompted urgent calls to hospitals from federal officials to be wary of cybercriminal groups.
One suspected ransomware attack in October 2020 forced the University of Vermont to delay chemotherapy appointments, while another in August 2021 prompted the emergency room at Memorial Health System in Ohio to divert patients to other facilities.
In the early minutes and hours of a ransomware attack, hospital cybersecurity teams are on the front lines of the response; help from federal agencies like the FBI might come later.
Yet hospitals don't often publicly discuss how quick thinking and preemptive action can be the difference between containing a hack and having it spiral out of control. For Hussey, it has meant minimal sleep since Sunday, and the weight of a 600-person staff at Jackson depending on his IT team of about a dozen to get hospital computers up and running again.
"The new guy I just hired is a cybersecurity graduate, so we broke him in really early," he quipped.
A gradual recovery
Though Hussey's team acted quickly, Jackson Hospital's IT systems haven't come away completely unscathed.
The emergency room's charting system could be offline for the rest of the week, he said. (Doctors have been getting ER patient records from other parts of the hospital network).
The entire hospital had to temporarily switch to what medical professionals call "downtime procedures" — contingency plans after Hussey's team shut computers down. For several hours, things like physician notes and prescriptions for patients were processed by hand.
The attackers also encrypted a computer server that Jackson Hospital uses to store non-critical organizational documents. Hussey was trying to figure out if there was anything in those files that contained data on Jackson patients and, if so, if the hospital should pay a ransom to get them back (he said he wasn't aware of any ransom demand from the hackers).
The ransomware that Hussey's team found on the charting system is known as Mespinoza and has racked up 190 victim organizations worldwide across various industries, including several in health care, according to a Department of Health and Human Services advisory on the group last week.
The hacking group is just one of several that haven't refrained from hitting health care organizations during the pandemic. A study last year by the US Cybersecurity and Infrastructure Security Agency found that ransomware attacks can "lead to significant and sustained" strain on hospitals already reeling from a flood of coronavirus patients.
Allan Liska, senior threat intelligence at cybersecurity firm Recorded Future, said there were 134 publicly reported ransomware incidents involving health care organizations in 2021, up from his 2020 tally of 106 incidents.
But many ransomware attacks don't make the news.
"I've worked with a number of healthcare providers recently that have managed to stop a ransomware attack during the reconnaissance stage," Liska told CNN. "Sharing this information helps other organizations better understand what they should be looking for and developing better strategies for stopping ransomware."
'Lock it down and piss people off'
The recovery process at Jackson Hospital has been meticulous to ensure that malicious code isn't lingering in some neglected part of the network.
Hussey's team went down the list of computer systems across the hospital, starting with the most critical, and made sure they weren't infected with ransomware. They physically disconnected the hospital's electronic health records system from the rest of the computer network to check them for malicious code before reconnecting to the system.
By Wednesday, hospital computers were back online except for the charting systems used by the ER.
Hussey said the decision to shut computer networks down may not be popular with some hospital staff, "but it's better to be down a day than be down a month."
"Lock it down and piss people off," Hussey, who has worked at Jackson for over 25 years, said in a Southern drawl. "It's what you have to do just to secure your network."
Anchor Muted Background
By Sean Lyngaas, CNN
Updated 2015 GMT (0415 HKT) January 16, 2022
Here's everything you need to know about ransomware
Marjorie Taylor Greene accuses Nancy Pelosi of running 'gazpacho police'
Gunshots rang out as CNN gets first look at standoff in East Ukraine
'We're not doing a good enough job': Roger Goodell says NFL can do better with diversity
Vehicles from the protest convoy are parked blocking lanes on a road, Sunday, Jan. 30, 2022 in Ottawa. Residents of the national capital are again being told to avoid traveling downtown as a convoy of trucks and cars snarl traffic protesting government-imposed vaccine mandates and COVID-19 restrictions. (Adrian Wyld/The Canadian Press via AP)
Small group of Canadian protesters get big support from US conservatives
BEVERLY HILLS, CALIFORNIA - NOVEMBER 03: Bob Saget attends the Women's Guild Cedars-Sinai Annual Gala at The Maybourne Beverly Hills on November 03, 2021 in Beverly Hills, California. (Photo by Phillip Faraone/Getty Images)
Dr. Gupta explains what to do if you sustain a serious head injury
Snow is melting in Ukraine. That could be a problem for the Russians
Watch: McConnell breaks with the RNC over Jan. 6 insurrection
GOP lawmaker apologizes after this tense altercation over masks
Your Super Bowl party is going to cost a lot more this year
Here's everything you need to know about ransomware
Clipper system brings snow to the Midwest while California continues with heat in-store through the weekend
A pedestrian walks past a certified pre-owned car sales lot in Alhambra, California on January 12, 2022.
Annual inflation near 40-year high: Here's what got more expensive
Why Mike Pence just ruined his presidential hopes
PERRY, GA - SEPTEMBER 25: Former President Donald Trump speaks at a rally on September 25, 2021 in Perry, Georgia. Republican Senate candidate Herschel Walker, Georgia Secretary of State candidate Rep. Jody Hice (R-GA), and Georgia Lieutenant Gubernatorial candidate State Sen. Burt Jones (R-GA) also appeared as guests at the rally. (Photo by Sean Rayford/Getty Images)
Book reveals Trump staff found flushed papers in White House toilet
See Ted Cruz's big flip on Jan. 6 after McConnell's remark
Watch: Tesla in 'Autopilot' mode crashes into police car
Trump supporter participated in Jan. 6 now calls movement a 'cult'
Marjorie Taylor Greene accuses Nancy Pelosi of running 'gazpacho police'
Gunshots rang out as CNN gets first look at standoff in East Ukraine
'We're not doing a good enough job': Roger Goodell says NFL can do better with diversity
Vehicles from the protest convoy are parked blocking lanes on a road, Sunday, Jan. 30, 2022 in Ottawa. Residents of the national capital are again being told to avoid traveling downtown as a convoy of trucks and cars snarl traffic protesting government-imposed vaccine mandates and COVID-19 restrictions. (Adrian Wyld/The Canadian Press via AP)
Small group of Canadian protesters get big support from US conservatives
BEVERLY HILLS, CALIFORNIA - NOVEMBER 03: Bob Saget attends the Women's Guild Cedars-Sinai Annual Gala at The Maybourne Beverly Hills on November 03, 2021 in Beverly Hills, California. (Photo by Phillip Faraone/Getty Images)
Dr. Gupta explains what to do if you sustain a serious head injury
Snow is melting in Ukraine. That could be a problem for the Russians
Watch: McConnell breaks with the RNC over Jan. 6 insurrection
GOP lawmaker apologizes after this tense altercation over masks
Your Super Bowl party is going to cost a lot more this year
Here's everything you need to know about ransomware
Clipper system brings snow to the Midwest while California continues with heat in-store through the weekend
A pedestrian walks past a certified pre-owned car sales lot in Alhambra, California on January 12, 2022.
Annual inflation near 40-year high: Here's what got more expensive
Why Mike Pence just ruined his presidential hopes
PERRY, GA - SEPTEMBER 25: Former President Donald Trump speaks at a rally on September 25, 2021 in Perry, Georgia. Republican Senate candidate Herschel Walker, Georgia Secretary of State candidate Rep. Jody Hice (R-GA), and Georgia Lieutenant Gubernatorial candidate State Sen. Burt Jones (R-GA) also appeared as guests at the rally. (Photo by Sean Rayford/Getty Images)
Book reveals Trump staff found flushed papers in White House toilet
See Ted Cruz's big flip on Jan. 6 after McConnell's remark
Watch: Tesla in 'Autopilot' mode crashes into police car
Trump supporter participated in Jan. 6 now calls movement a 'cult'
Marjorie Taylor Greene accuses Nancy Pelosi of running 'gazpacho police'
(CNN)It was approaching midnight on Sunday and the head of IT at a Florida hospital had a problem.
The emergency room of Jackson Hospital, a 100-bed facility on Florida's panhandle, called to report that it couldn't connect to the charting system that doctors use to look up patients' medical histories. Jamie Hussey, Jackson Hospital's IT director, soon realized that the charting software, which was maintained by an outside vendor, was infected with ransomware and that he didn't have much time to keep the computer virus from spreading.
The hospital shut down its computer systems on his advice.
"If we hadn't stopped it, it probably would've spread out through the entire hospital," Hussey said. Hospital staff ditched the electronic records and reverted to pen and paper to keep the hospital running and organized, he said, but patient care wasn't disrupted.
As Hussey spoke to CNN Tuesday, the hospital's IT systems were gradually coming online, and he was expecting phone calls from the FBI (which investigates hacking incidents) and Aon, a cybersecurity consultancy that Hussey said was supporting the recovery. He was trying to figure out if the hackers had stolen any hospital data, and if they might need to be paid off to get it back.
Jamie Hussey, IT director of Florida's Jackson Hospital at work
Jamie Hussey, IT director of Florida's Jackson Hospital at work
The damage could've been far worse.
Jackson Hospital is just one of several dozen health care organizations across the US that have had to battle ransomware attacks since the coronavirus pandemic began. The disruptions have cost the sector millions of dollars and prompted urgent calls to hospitals from federal officials to be wary of cybercriminal groups.
One suspected ransomware attack in October 2020 forced the University of Vermont to delay chemotherapy appointments, while another in August 2021 prompted the emergency room at Memorial Health System in Ohio to divert patients to other facilities.
In the early minutes and hours of a ransomware attack, hospital cybersecurity teams are on the front lines of the response; help from federal agencies like the FBI might come later.
Yet hospitals don't often publicly discuss how quick thinking and preemptive action can be the difference between containing a hack and having it spiral out of control. For Hussey, it has meant minimal sleep since Sunday, and the weight of a 600-person staff at Jackson depending on his IT team of about a dozen to get hospital computers up and running again.
"The new guy I just hired is a cybersecurity graduate, so we broke him in really early," he quipped.
A gradual recovery
Though Hussey's team acted quickly, Jackson Hospital's IT systems haven't come away completely unscathed.
The emergency room's charting system could be offline for the rest of the week, he said. (Doctors have been getting ER patient records from other parts of the hospital network).
The entire hospital had to temporarily switch to what medical professionals call "downtime procedures" — contingency plans after Hussey's team shut computers down. For several hours, things like physician notes and prescriptions for patients were processed by hand.
The attackers also encrypted a computer server that Jackson Hospital uses to store non-critical organizational documents. Hussey was trying to figure out if there was anything in those files that contained data on Jackson patients and, if so, if the hospital should pay a ransom to get them back (he said he wasn't aware of any ransom demand from the hackers).
The ransomware that Hussey's team found on the charting system is known as Mespinoza and has racked up 190 victim organizations worldwide across various industries, including several in health care, according to a Department of Health and Human Services advisory on the group last week.
The hacking group is just one of several that haven't refrained from hitting health care organizations during the pandemic. A study last year by the US Cybersecurity and Infrastructure Security Agency found that ransomware attacks can "lead to significant and sustained" strain on hospitals already reeling from a flood of coronavirus patients.
Allan Liska, senior threat intelligence at cybersecurity firm Recorded Future, said there were 134 publicly reported ransomware incidents involving health care organizations in 2021, up from his 2020 tally of 106 incidents.
But many ransomware attacks don't make the news.
"I've worked with a number of healthcare providers recently that have managed to stop a ransomware attack during the reconnaissance stage," Liska told CNN. "Sharing this information helps other organizations better understand what they should be looking for and developing better strategies for stopping ransomware."
'Lock it down and piss people off'
The recovery process at Jackson Hospital has been meticulous to ensure that malicious code isn't lingering in some neglected part of the network.
Hussey's team went down the list of computer systems across the hospital, starting with the most critical, and made sure they weren't infected with ransomware. They physically disconnected the hospital's electronic health records system from the rest of the computer network to check them for malicious code before reconnecting to the system.
By Wednesday, hospital computers were back online except for the charting systems used by the ER.
Hussey said the decision to shut computer networks down may not be popular with some hospital staff, "but it's better to be down a day than be down a month."
"Lock it down and piss people off," Hussey, who has worked at Jackson for over 25 years, said in a Southern drawl. "It's what you have to do just to secure your network."
