‘Grey’s Anatomy’ and the Reality of Ransomware Attacks

JOE CISO on November 30, 2017 | 1

The latest season of ABC TV’s Grey’s Anatomy ended with an unusual – and potentially deadly – twist. The (fictional) staff of the (fictional) Grey Sloan Memorial Hospital have successfully handled everything from epidemics to legal cases, but this time, when a vicious ransomware attack locked down all systems on the hospital’s IT network, the threat to patients went well beyond illness and injury.

The very real technology and criminal behavior behind this based-on-a-true-story episode was typical: ransomware encrypted every computer file on the system, and the hackers demanded a large sum of money to decrypt the files. While the FBI began investigating the case, the staff struggled to keep the hospital running.  

With much essential equipment not functioning, and no access to medical records, panicked staff members resorted to second-guessing which treatments their patients required. When a sick child was admitted to the ER, staff members realized that depending on his diagnosis, the advised medication would either kill him or save him. Without a functioning computer system, it was impossible to find out exactly what was wrong with him.  As the storyline progressed, the situation went from bad to worse – fast.

Although the fictional attack on Grey Sloan Memorial was leveraged for dramatic effect, it accurately portrays the far-reaching consequences of cyberattacks in every industry, especially healthcare, where the attacks put patients’ very lives at risk.

Grey’s Anatomy brings ransomware into the public eye

What about defensive solutions?

Traditional security tools such as antivirus, firewalls and secure web gateways form an essential first line of defense against cyberattacks by detecting and destroying known malware. However, these solutions rely on advance knowledge of the malicious software in question. Virus databases must be kept up-to-date, and even then, zero-day and newly-launched threats will not be in the database, and can therefore slip past undetected. Hackers have learned to mask malware signatures, evading detection entirely and outwitting even advanced, heuristic-based identification.

Protection without detection

Vulnerable healthcare organizations need another layer of protection – one that does not depend on identifying a website, link or executable file as malicious in order to ward off attacks.

Remote Browser Isolation (RBI) solutions like Ericom Shield were developed to fill this gap. When a user browses the web, or clicks a link in an email, the web page loads within a virtual browser in a one-time-use remote container. Away from the organization’s network, the remote browser renders active code as a clean content stream that is transmitted in real-time to the user’s local browser, providing a seamless, natural, and fully interactive browsing experience. A newly created container is allocated for every remote browsing session and tab, and then destroyed once the user exits the session or tab.

Of course, malware is often embedded in files as well, infecting networks when downloaded from the web to a user’s computer. To combat this issue, Ericom Shield includes pre-integrated file cleansing technology: Files are scanned and sanitized remotely using a process known as CDR (Content Disarm & Reconstruction) before they can be downloaded, ensuring that ransomware can’t reach the network through the download back door.

What happens next?

It’s the question dedicated Grey’s Anatomy viewers are asking, thanks to the mid-season cliffhanger. How will Grey Sloan Memorial Hospital regain control of their computer system? Will they pay the ransom?

In the real world, healthcare organizations worldwide need to up their game, and protect themselves against ransomware attacks. Using a combination of user education, advanced threat detection software, and detection-less solutions such as remote browser isolation, IT & security staff can construct a layered defense against ransomware and other cyberthreats, allowing hospitals to save lives without disruption.

Author | 5 Blog Posts

Joe CISO

Joe CISO is the information security professional responsible for protecting the organization from all cyber threats, including ransomware, dirve-by donwnloads and zero-day exploits. | Ericom Software

Most Popular Articles