Here's what it was like to host a security forum when WannaCry hit the globe
SAN FRANCISCO — The timing — though unplanned of course — was just about perfect: Approximately 200 information security professionals were gathered in one room during the Healthcare IT News Privacy & Security Forum late last week just as the largest ransomware attack in history was sending initial shockwaves through the healthcare and infosec communities.
That was Friday morning, West Coast time. I asked Children’s Mercy Hospital of Kansas City senior director of information systems Darrin Prill point blank during a panel discussion if the apparently widespread WannaCry attack scared him. Yes, it did.
“We’re checking everything right now,” Prill said. “We’re making sure all related patches are up to date.”
Pretty much everyone was scared — and it wasn’t just about WannaCry, either. President Donald Trump had just fired FBI Director James Comey, days after he told the American Hospitals Association that paying cybercriminals a ransom is a mistake. U.S. intelligence leaders publicly warned against trusting the possibly-KGB trained security firm CEO Eugene Kasperky, whose software is already used by millions of Americans.
[WannaCry timeline: How it happened and the industry response to ransomware attack]
Just the week before, notorious hacker TheDarkOverlord delivered on a threat to put some 180,000 patients records up for sale on the dark web.
Now, to be certain, the fear in that room on Friday wasn’t the ‘catch-the next-flight-outta-Frisco’ kind of fright; rather, the CISOs, security specialists, health IT professionals and technology vendors were in the mode of checking email incessantly, picking up the phone as soon as it rings, stepping out of the room to handle matters immediately, and asking each other about what they were doing in response.
What we knew then was that cybercriminals or hackers had launched what appeared to be a successful attack on a number of National Health Service units in England and Scotland, they had the health data locked down and were nefariously, and perhaps cleverly, escalating the amount of ransom demanded to give the data back, and that other non-health related companies across Europe had also fallen prey to the WannaCry malware.
FBI Special Agent MK Palmore said during the Friday morning opening keynote that 51 percent of breaches are perpetrated by organized crime because they have no barriers, obstacles or costs inhibiting them from launching cyberattacks.
“This is the environment you guys are living in. It’s completely defensive in nature,” Palmore said, likening even teenage hackers’ advantage to that of the team that has possession of the ball in a football game. “You guys are not playing offense and you are expected to win at all times in a defensive posture.”
Friday was the second day of the security conference so it’s worth noting that everyone in attendance had already spent the previous day hearing that 75 percent of hospitals are living under the cybersecurity poverty line right now (exactly what that metric is, admittedly, remains unclear) and ransomware and internet of things cybersecurity vulnerabilities will continue to get worse in the months ahead.
Among the insights and advice attendees received were anti-phishing tips from Texas Hospital Association Chief Digital Officer Fernando Martinez that I’d bet NHS officials wish their users already knew.
Another takeaway was the rare glimpse of hackers in the wild that Protiviti shared based on its honeypot experiment putting fake medical devices online and then watching how cybercriminals swarmed to the devices.
And Kim Jones, Director of the Cybersecurity Education Consortium at Arizona State University, shared 6 understandings for CISOs in a talk inspiring success titled “Zen and the Art of Transformational Security."
After the conference closed, of course, we learned about how U.S. hospitals spent the weekend safeguarding their data and, ultimately, a security researcher found a kill switch that essentially rendered the WannaCry ransomware defunct.
One of the glaring realizations to arise in the immediate wake of the massive ransomware attack: Hospitals’ medical device worst-case scenario is even more of a distinct possibility than many people had previously understood.
We’re hosting our next security event in September. Who knows what will happen then?