Cyberattacks on critical infrastructure and public services are on the rise the world over. One recent example of this was seen affecting the healthcare sector in Torrejón de Ardoz, a town around 20km east of Madrid. Here, a privately managed hospital fell victim to what seemed to be a ransomware attack.

It all began on January 22, when employees at the hospital detected a bug on their computers. Heads of technology detected that something had infected the institution’s IT systems, forcing them to disconnect and deactivate all the devices on the network.

A hospital paralyzed by a cyberattack_

Luckily, this cyberattack didn’t have too great an impact on the everyday organization and running of the hospital. Luckily, employees were able to make paper copies of all the information they needed to keep the hospital running, which meant that their work wasn’t interrupted. Nor did they have to cancel appointments or operations, and there was no need to sent patients to other healthcare centers. While this is true, the switch to paper slowed down certain work processes, as did the internal investigations into the cause of and possible solution to the problem.

The hospital itself, which is managed by Grupo Ribera Salud, has stated that it is still unsure of the exact cause of the collapse of its IT systems. It did, however, suggest that it was due to a possible ransomware attack, similar to the cyberattacks we’ve seen on a lot of public infrastructure over the last few months, especially those in the healthcare sector.

Under these circumstances, when a public or private organization is paralyzed by a cyberattack, as well as determining the root cause of the infection, there is one task that must be a priority: detecting the infection and, above all, ensuring that it doesn’t spread and cause any more damage.

To avoid these kinds of incidents, organizations must have solutions such as Cytomic EPDR, which combines a full stack of preventive technologies for the endpoint with EDR capabilities and the Zero-Trust Application Service. All of this means that it can prevent, detect, and respond to any kind of known or unknown malware, as well as malwareless and fileless attacks. It also stops malware from running on computers, servers, virtual environments and mobile devices.

19,000 canceled appointments and a cost of 92 million_

All things considered, the hospital in Torrejón de Ardoz may consider itself lucky; the consequences of a cyberattack can be far more serious. This is exactly what happened to the National Health Service (NHS) in England and Scotland, when it was hit by the notorious WannaCry ransomware in May 2017, which damaged companies all over the world.

According to data provided by the UK Department of Health, in this specific case, WannaCry led to the cancellation of 19,000 doctor’s appointments for patients all over the country, who were forced to reschedule or attend another center. But the crisis didn’t end there: WannaCry cost the NHS over £92 million.

The cyberattack itself didn’t affect more than 1% of the NHS’s services, but the effects lasted for a week. What’s more, the action subsequently taken ended up being even more costly than the direct consequences of the attack: the NHS was forced to spend £20 million to cover the cancellations that occurred between 12 and 19 May, and another £72 million on the ensuing cleanup and IT system updates.

What’s more, the organization was obliged to carry out further spending: firstly, a £60 million investment in protecting the most delicate healthcare services (especially traumatology and ambulances). Secondly, another £150 million over the next three years to update its IT systems, which, when WannaCry struck, were running Windows XP.

On the other hand, there is an extra risk: the loss, be it temporary or permanent, of private information belonging to the organization hit by a cyberattack. These cases can be avoided with solutions such as Cytomic Data Watch. Taking endpoint protection as a starting point, it monitors the files stored on devices to search for personal and sensitive data, also allowing files to be erased from the single Cytomic console in order to mitigate risks.

In short, when a sector such as healthcare is exposed to cyberattacks, there are of course financial repercussions, but there is also a far more serious consequence: the paralyzing or interruption of services that are essential for the society as a whole. This means that prevention and a proactive attitude are fundamental for avoiding, mitigating and resolving any kind of problem.