“In wartime, a red cross on a hospital’s roof protects them from bombing. But in cyberwar there’s no convention to protect hospitals,” says Professor Dr. Harald Dormann, Head Physician, Emergency Room at Germany’s Klinikum Fürth hospital. Hospitals have thousands of networked computers and medical devices crucial to patient care, but on Friday, December 13th, 2019, Klinikum Fürth’s quick thinking turned a malware attack into an unlucky day for cybercriminals.

hacker:HUNTER Behind the Screens Episode 6: Malware A New Virus in the Hospital, charts Klinikum Fürth’s life-saving actions that stopped a ransomware attack in its tracks.

How do cybercriminals use malware against hospitals?

Klinikum Fürth found 65 systems infected with computer viruses and malware including the dangerously effective Emotet. Acting fast, they isolated the malware before it encrypted their data and demanded a ransom – often an Emotet attack’s end goal.

The first hint of an attack was when Klinikum Fürth’s IT support team started receiving strange emails from users – an Emotet hallmark.

Emotet spreads by using past emails in Microsoft Outlook to create new emails, with results ranging from convincing to bizarre.

Malware is common. In the March to June quarter of 2021, Kaspersky software blocked 1.7 billion malware attacks. But it’s becoming more dangerous, with cybercriminals using particularly damaging malware like Emotet for fraud and ransomware attacks. 

The rise of this more dangerous malware means businesses should give it more focus in their security strategy. Noushin Shabab, Senior Security Researcher at Kaspersky, says, “An average cost for clean-up of this malware is around $1 million US dollars.”

Emotet also uses Wi-Fi networks to spread. If infected, a wirelessly connected device scans nearby networks and infects other devices using a password list.

The hospital’s surgical cyberdefense

Emergency Room Head Physician Professor Dr. Harald Dormann recounts how hospital staff stepped up when they learned of the cyberattack. “When our CEO told us what had happened, some were nervous, some were pale. But all were motivated to act.”

They disconnected the hospital from the internet to reduce risk of infecting other institutions and assembled taskforces of clinicians, administrators and IT staff to analyze the problem. To reduce risk to patients, they diverted new patients to nearby hospitals. Prioritizing the most critical medical devices, they checked for malfunctions and brought in extra staff to help with the switch to a paper-based working process.

How to stop and prevent malware attacks

There are many lessons in Klinikum Fürth’s story. Their fast response shows why organizations should plan what they’ll do if attacked.

Cybersecurity education can help staff get wiser to threats like Emotet’s use of spoofed emails. Strong passwords help defend against malware that uses Wi-Fi networks to spread.
