We have updated our Privacy Policy and Terms of Use for Eurasia Group and its affiliates, including GZERO Media, to clarify the types of data we collect, how we collect it, how we use data and with whom we share data. By using our website you consent to our Terms and Conditions and Privacy Policy, including the transfer of your personal data to the United States from your country of residence, and our use of cookies described in our Cookie Policy.
{{ subpage.title }}
Attacked by ransomware: The hospital network brought to a standstill by cybercriminals
In October 2022, the second-largest nonprofit healthcare system in the US, CommonSpirit Health, was hit with a crippling ransomware attack. Kelsay Irby works as an ER nurse at a CommonSpirit hospital in Washington. She arrived at work after the malware had spread through the hospital network to chaos: systems were down, computers were running slowly or not at all, labs weren’t returning results, and nurses were charting vitals on pen and paper. Even basic things like knowing what medications patients were on or why they came into the emergency room were a challenge, putting lives at risk. The hospital’s nurses and doctors scrambled to manage this crisis for over two weeks until CommonSpirit Health was able to restore access to the IT network
“It was just kind of this perfect storm of very sick patients, not enough help, everybody was super frustrated,” Irby says, “My biggest fear during the whole cyberattack was that a patient was going to suffer because we couldn’t access the technology.”
GZERO spoke with Irby about her experience during the ransomware attack, as well as cybersecurity expert Mora Durante Astrada from Zurich Insurance Group for the final episode of “Caught in the Digital Crosshairs: The Human Impact of Cyberattacks,” a new video series on cybersecurity produced by GZERO in partnership with Microsoft and the CyberPeace Institute. Astrada volunteers for the Institute and its CyberPeace Builders Program, which provides free cybersecurity assistance, threat detection, and analysis to NGOs and other critical sectors while advocating for safety and security in cyberspace.
- Podcast: Cyber Mercenaries and the digital “wild west" ›
- The threat of CEO fraud and one NGO's resilient response ›
- Hacked by Pegasus spyware: The human rights lawyer trying to free a princess ›
- Podcast: How cyber diplomacy is protecting the world from online threats - GZERO Media ›
- Podcast: Foreign Influence, Cyberspace, and Geopolitics - GZERO Media ›
- Podcast: Cyber mercenaries and the global surveillance-for-hire market - GZERO Media ›
- The devastating impact of cyberattacks and how to protect against them - GZERO Media ›
- How cyberattacks hurt people in war zones - GZERO Media ›
- How rogue states use cyberattacks to undermine stability - GZERO Media ›
- Why privacy is priceless - GZERO Media ›
- Would the proposed UN Cybercrime Treaty hurt more than it helps? - GZERO Media ›
- Why snooping in your private life is big business - GZERO Media ›
US & allies unite against China's cyberattacks
Ian Bremmer's Quick Take:
Hi, everybody. Ian Bremmer here, back in Nantucket for a few days, and a Quick Take to start out the week.Well, I thought I would talk about the finger-pointing happening at China for these cyberattacks. When we've been talking about cyberattacks recently, we mostly talk about Russia. It's been ransomware, it's been espionage, it's been disinformation, and US election intervention and all of these things. But no, this week it is all about China, and specifically the White House had this unusually strong statement, citing concerns about China's, what they call, irresponsible and destabilizing behavior in cyberspace, specifically talking about a hack against the Microsoft Exchange Server that we found out about back in March. That is a big deal.
Second, and related to that, is the fact that there was a massive response, a coordinated response, from NATO, as well as all G7 members. You remember back at the G7 meeting that we had a month ago in the UK, and the surprise was the statement was much more about China, much more coordinated on China, than people would've expected. That was the 3-hour meeting that they shut down the internet so they could all talk internally. There's increasing backlash against what is seen as more assertive Chinese behavior towards the West. We saw the big speech by Xi Jinping at the 100th Communist Party plenum. On the back of that, the Chinese government has made tougher statements on Taiwan, they have taken big moves against Chinese tech companies, against their IPO-ing in the West, in the United States, which is what makes them more transparent and more interoperable and engage in a global way. And now you see the United States and our allies around the world, in turn, taking on more coordination vis-à-vis China.
In the medium-term, one of the biggest questions out there will be to what extent countries like Germany and France and the UK would get on board with the United States that considers its top national security priority to be China, to be a threat from a competitive, assertive, and increasingly powerful China. And what we've seen in last 3 months has been a surprising amount of consolidation of that position. Doesn't mean it's going to continue on that trajectory forever, doesn't mean the Americans will be able to continue to implement on it, but at least for now, what we see is a Chinese government that is looking away from globalization, that's focusing more on domestic supply chain, on domestic consumption, on national champions, and a Chinese model of development, and we're seeing in the United States, Europe, Canada, Australia, Japan, even South Korea, all say we really don't like that direction. We have to work closer together.
Here's the big push back on all of that, and that's, despite all of these headlines, the level of interdependence and interoperability between the West and China continues to be incredibly deep. And you wouldn't necessarily know it by listening to the headlines. Deep in terms of trade, in terms of tourism, in terms of access to each other's markets, access to each other's financial systems, and frankly, most of the major economic actors in the United States in the West over the coming 5, 10 years, they expect to have not only the present level of engagement in China, but even more exposure to the Chinese market. China is the leading trade partner in almost the entire world in 2021. The United States is not about to supplant that. In fact, that trajectory is moving more in that direction.
So, on the one hand, you have the reality of globalization and interdependence that no matter what the politics are, will continue to get stickier and more engaged. On the other hand, you have the politics of pretty much all of the major economies in the world driving exactly against that. It's the most important cleavage in the world today, geopolitically, and it's one we're going to be spending an awful lot of time trying to suss out as these headlines continue to drive this kind of conflict.Anyway, that's it for me today. I hope everyone has a good week. Talk to you all real soon.
- Biden and Merkel will talk China strategy; Cuban economic crisis ... ›
- Impact of Microsoft hack deepens; why cyber attacks target ... ›
- Will there be a decisive US response to Russian cyber attacks ... ›
- Russia's cyber attack: an act of espionage or war? - GZERO Media ›
- How North Korea trains its “cyber soldiers” - GZERO Media ›
Will there be a decisive US response to Russian cyber attacks?
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
After an attempted hack of a Republican National Committee contractor, is cybersecurity at a breaking point between the US and Russia?
Well, that breaking point has been a long time coming. There was the attempt to manipulate the 2016 elections and now we see a series of ransomware attacks that are escalating. So the question is, what the US can do to decisively change the calculation on the Russian side? Making clear that there will be sanctions and other consequences that hurt should be a start. But it will only be credible if these promises are followed through and enforced.
Why is China launching cybersecurity probes into US listed Chinese tech companies?
Well, there has been an intensification of regulatory measures vis-a-vis tech companies in China itself. So, steps against Didi fit the arm-wrestling pattern between companies and state agencies. Only now, US and international investors have also been caught up. And of course, it brings back memories of the Trump administration, which launched its own probes into Chinese tech firms. So the question is, who stands to lose most from a tit for tat type back and forth?
- Beyond SolarWinds: Securing Cyberspace | Global Stage ›
- SolarWinds hack a wake-up call to the tech sector - GZERO Media ›
- Russia's cyber attack: an act of espionage or war? - GZERO Media ›
- Hackers shut down US pipeline - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- US & allies unite against China's cyberattacks - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Russian hackers target US tech companies with little accountability - GZERO Media ›
- Russian hackers target US tech companies with little accountability - GZERO Media ›
- Watching Russia: cyber threats & disinformation - GZERO Media ›
Biden likely to push Putin on cybersecurity in Geneva meeting
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
When President Biden and President Putin meet, will cybersecurity will be a key issue that they discuss?
Now, I'm sure that there will be many thorny issues on the table. But after American fingers pointed to Russia and hold it responsible for the SolarWinds hack, it's likely. Criminals in Russia were also not hindered when they held the Colonial Pipeline Company ransom through a ransomware attack. And really, when journalists and opposition leaders cannot speak a single critical word without being caught, how come cybercriminals can act with impunity in Russia? So the need for prevention and accountability really is significant. And I hope the President Biden can push and persuade Putin to change the confrontational and aggressive course that he is on.
Ireland's responses to ransomware attack; cryptocurrency scams
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What options does Ireland have responding to the ransomware attack on the country's healthcare system?
Well, authorities are making resources available to decrypt and restore, which is a good step. And they also insist on not paying ransom to the criminals. But after the immediate fallout, they should do a scan on weaknesses in legacy software systems used across the country to make clear who is expected to protect and where weaknesses might exist. Then imposing information sharing standards could help the needed facts to come together and to facilitate both resilience and damage control in the future. There's also an opportunity to cooperate on attribution and accountability with like-minded countries. This should really push to end the impunity with which these crimes are perpetrated.
How can consumers protect themselves from cryptocurrency scams?
Well here, my best advice is to use common sense. If a deal seems too good to be true, it probably is. And if there is no way to verify who runs a Bitcoin operation, then you have to ask yourself what an acceptable level of risk is in relation to your precious savings.
DarkSide hack reveals risk of ransomware cyberattacks
Marietje Schaake, International Policy Director at Stanford's Cyber Policy Center, Eurasia Group senior advisor and former MEP, discusses trends in big tech, privacy protection and cyberspace:
What did the DarkSide incident targeting Colonial Pipeline reveal about ransomware and the vulnerability of critical infrastructure?
Well, basically everything you need to know. The type of impact debilitating infrastructure through a ransomware or other method of cyberattack has been warned about for years. The risk of exploitation of vulnerabilities in software with enormous ripple effects became very tangible with the attack on Colonial Pipelines. But remember that energy infrastructure in the US already enjoys the highest protections, and still the attackers managed to perpetrate.
How can companies and governments catch up on cyber defense?
Now, it's critical that there is a mapping of an entire ecosystem, whether that is a company network or an entire country's architecture. Is it clear who is responsible for protecting which parts and how does information flow in case of emergency? I worry about the overreliance on software companies, which, as illustrated by the SolarWinds exchange server and now Colonial hacks are not strong enough. Connectivity brings new and often invisible vulnerabilities that must be addressed with more resilient protections and with more insights to public and Democratic leaders.
- Would you pay a cyber ransom? - GZERO Media ›
- Hackers shut down US pipeline - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- The Graphic Truth: Who's Hacking Whom? - GZERO Media ›
- Panel: Working together to protect cyberspace - GZERO Media ›
- Spyware concerns prompt US Congress to move toward sanctions - GZERO Media ›
- "We're identifying new cyber threats and attacks every day" – Microsoft’s Brad Smith - GZERO Media ›