DHR, Mission: The hackers & a voodoo doll
I’ve never been a fan of the black arts, so to speak, but with the recent attacks on the City of Mission and DHR Health (Doctors Hospital at Renaissance), I’m thinking it’s time to call in the bruja, or the old brujo, and launch my own attack on the hackers responsible for so much misery.
Jesus said to love our enemies, but I don’t think he meant these people.
In recent weeks, both DHR Health and the City of Mission have been targeted by hackers, who are most likely operating from outside the U.S.
“If you arrive on campus, you will receive care,” DHR said in a statement made last week. “DHR Health facilities — including our hospitals, emergency rooms, medical clinics, imaging centers, surgical services and all patient care sites remain operational and are serving patients.”
The DHR cyberattack took place March 20. The City of Mission was hit with one Feb. 28.
Ransomware, Not Good
Neither DHR or Mission have said if they are victims of ransomware, which means they would have to decide whether or not to use cryptocurrency (Bitcoin, etc.) to pay the hackers for a “key” to unlock their data, presumably now encrypted.
Even that’s not a sure thing, though, because there are stories now in the public domain that tell of ransomware attacks, but after the ransom was paid, the hackers still wouldn’t turn loose the data.
These days, ransomware attacks are all over the news. Do a simple online search “ransomware attacks.”
They have been going on for a few years. AI just helps facilitate the criminal act.
Obviously, cities, and more to the point, medical facilities, are frequent targets due to the sensitive material they store on their servers.
Typically, the hacker(s) will not only hack the servers, but also the backup servers.
The only real way to safeguard against an attack, based on its current degree of sophistication, is for each department in, say, a hospital or city, to manually back up their data each day, with an automatic backup for an extra safeguard.
That way, if you’re the victim of a ransomware attack, at least you can go back to your last backup, and use that to restore your data.
For the larger entities, backing up to the cloud isn’t an option given its cost, and even the manual way has its limitations in terms of time and labor.
AI programs are now being developed to protect against AI-directed ransomware attacks, but the question is, who can keep up the fastest?
The good guy, or the bad guy?
Meanwhile, the phone line has how many people calling, upset, wanting to know how much of their personal data was stolen?
Probably the best way to look at it, according to one IT expert with whom I spoke, is to just assume that all your data is now online no matter where you are.
Your name, your social, your address, your phone number, your date of birth, etc, etc., etc. If you use that mentality, then you can meet with your banker, your credit card rep, and ask, “Hey, what if a hacker uses my personal information for malicious reasons? Buy a TV I never saw?”
Will you refund my money, and how many hoops will I have to jump through to get it back?
Sadly, these days, for people with relatively high credit scores, it’s not a question of if a hacker is going to get their personal info, but when.
A Rough Ride
Assuming this is a ransomware attack, and a ransom is paid, the public will never find out how much DHR had to pay to get back their information. Which is as it should be, since it’s privately owned.
The city of Mission, however, will have to disclose how much was paid out to the ransomware hackers because it will be public money used to pay the hackers.
Which is really a problem in and of itself, because if large numbers are released to the public — there’s a hospital now online that paid out more than $20 million for one ransomware attack — that just seems to serve as an incentive to wouldbe hackers who may live in Eastern Europe or wherever, well outside the confines of normal U.S. jurisdiction, even if this falls under the category of international crimes.
It’s easy to sympathize with both entities. No one deserves that level of BS.
The employees who work at both operate under increased stress on most good days. Imagine what it must be like when all, or a good chunk, of your data is shut down, held up for a ransom payment.
Your normal customer who’s never happy on a good day is not going to be happy with you. When the media reports that you can’t access this data, he or she will then call up to complain because he’s heard that you had a cyberattack, and now they’re worried about their data being stolen.
“Who’s on the line? Karen?”
Without the existence and widespread availability of cryptocurrency, particularly Bitcoin, ransomware attacks as we know them today would be significantly harder to pull off, and likely far less prevalent and impactful.
Cryptocurrency, while not entirely untraceable, does indeed offer a significant degree of pseudonymity that traditional payment methods lack. No bankers standing in your way.
This makes it much harder for law enforcement to track the flow of ransom payments back to the attackers. Without this, the scum of the earth posing as hackers would be forced to use methods like: bank transfers, prepaid gift cards, cash, money transfer services.
For cybercriminals, Cryptocurrency is the bomb, because it allows for quick and borderless transactions. What can be easier?
Attackers can demand and receive large sums of money from victims located anywhere in the world within minutes, without significant fees or scrutiny. Traditional methods are slower, more expensive, and often involve more intermediaries, increasing the risk of detection So maybe the bruja approach is worth considering. Granted, I’d have to worry that I didn’t anger any one of them because then they could cast a spell on me.
“Pinche vato.”
But if I could come up with a general spell to use on these cyberhackers who often demand that a ransom get paid after encrypting your data, then that would be a good thing. For everyone, because we’re all at risk of identity theft, made easier with cyberattacks.
How much nicer the world would be.
Odd sidenote to cryptocurrency’s Bitcoin: No one knows who actually came up with it because the founder’s name is a pseudonym.
Look it up online: “Secrecy behind Bitcoin’s beginning.”
Based on a free-market ideology, Bitcoin was invented in 2008 by an unknown entity under the pseudonym of Satoshi Nakamoto. Use of the first real cryptocurrency began in 2009, with the release of its opensource implementation. In 2021, El Salvador adopted it as legal tender.
Here’s the real kicker:
If you or I had invested $1,000 worth of Bitcoin in 2010, you know how much that would be worth today?
You probably don’t want to know, because then you’ll feel like an idiot, too.
Answer: $31 billion. (Source: NASDAQ.com.)
Last but not least: Good luck to DHR and the City of Mission getting through the recent cyberattacks.