Hacking 9-1-1: Infrastructure Vulnerabilities and Attack Vectors

Goebel, Mat; Dameff, Christian; Tully, Jeffrey

doi:10.2196/14383

Cited by 6 publications

(5 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Increases in health care cybersecurity incidents suggest the need for coordinated regional surge planning similar to that conducted for natural disasters . Interdisciplinary teams of technologists and clinicians are needed to address the unique challenges of cybersecurity incidents, including ransomware . These include difficulty predicting which facilities are at highest risk due to a lack of geographic association and institutional precedent, rapid spread across large distances within a hospital network affecting multiple facilities simultaneously, and protracted operational downtimes approaching weeks to months.…”

Section: Discussionmentioning

confidence: 99%

“… 29 Interdisciplinary teams of technologists and clinicians are needed to address the unique challenges of cybersecurity incidents, including ransomware. 30 , 31 , 32 These include difficulty predicting which facilities are at highest risk due to a lack of geographic association and institutional precedent, rapid spread across large distances within a hospital network affecting multiple facilities simultaneously, and protracted operational downtimes approaching weeks to months.…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US

et al. 2023

Self Cite

View full text Add to dashboard Cite

ImportanceCyberattacks on health care delivery organizations are increasing in frequency and sophistication. Ransomware infections have been associated with significant operational disruption, but data describing regional associations of these cyberattacks with neighboring hospitals have not been previously reported, to our knowledge.ObjectiveTo examine an institution’s emergency department (ED) patient volume and stroke care metrics during a month-long ransomware attack on a geographically proximal but separate health care delivery organization.Design, Setting, and ParticipantsThis before and after cohort study compares adult and pediatric patient volume and stroke care metrics of 2 US urban academic EDs in the 4 weeks prior to the ransomware attack on May 1, 2021 (April 3-30, 2021), as well as during the attack and recovery (May 1-28, 2021) and 4 weeks after the attack and recovery (May 29 to June 25, 2021). The 2 EDs had a combined mean annual census of more than 70 000 care encounters and 11% of San Diego County’s total acute inpatient discharges. The health care delivery organization targeted by the ransomware constitutes approximately 25% of the regional inpatient discharges.ExposureA month-long ransomware cyberattack on 4 adjacent hospitals.Main Outcomes and MeasuresEmergency department encounter volumes (census), temporal throughput, regional diversion of emergency medical services (EMS), and stroke care metrics.ResultsThis study evaluated 19 857 ED visits at the unaffected ED: 6114 (mean [SD] age, 49.6 [19.3] years; 2931 [47.9%] female patients; 1663 [27.2%] Hispanic, 677 [11.1%] non-Hispanic Black, and 2678 [43.8%] non-Hispanic White patients) in the preattack phase, 7039 (mean [SD] age, 49.8 [19.5] years; 3377 [48.0%] female patients; 1840 [26.1%] Hispanic, 778 [11.1%] non-Hispanic Black, and 3168 [45.0%] non-Hispanic White patients) in the attack and recovery phase, and 6704 (mean [SD] age, 48.8 [19.6] years; 3326 [49.5%] female patients; 1753 [26.1%] Hispanic, 725 [10.8%] non-Hispanic Black, and 3012 [44.9%] non-Hispanic White patients) in the postattack phase. Compared with the preattack phase, during the attack phase, there were significant associated increases in the daily mean (SD) ED census (218.4 [18.9] vs 251.4 [35.2]; P &lt; .001), EMS arrivals (1741 [28.8] vs 2354 [33.7]; P &lt; .001), admissions (1614 [26.4] vs 1722 [24.5]; P = .01), patients leaving without being seen (158 [2.6] vs 360 [5.1]; P &lt; .001), and patients leaving against medical advice (107 [1.8] vs 161 [2.3]; P = .03). There were also significant associated increases during the attack phase compared with the preattack phase in median waiting room times (21 minutes [IQR, 7-62 minutes] vs 31 minutes [IQR, 9-89 minutes]; P &lt; .001) and total ED length of stay for admitted patients (614 minutes [IQR, 424-1093 minutes] vs 822 minutes [IQR, 497-1524 minutes]; P &lt; .001). There was also a significant increase in stroke code activations during the attack phase compared with the preattack phase (59 vs 102; P = .01) as well as confirmed strokes (22 vs 47; P = .02).Conclusions and RelevanceThis study found that hospitals adjacent to health care delivery organizations affected by ransomware attacks may see increases in patient census and may experience resource constraints affecting time-sensitive care for conditions such as acute stroke. These findings suggest that targeted hospital cyberattacks may be associated with disruptions of health care delivery at nontargeted hospitals within a community and should be considered a regional disaster.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Discussionmentioning

confidence: 99%

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US

et al. 2023

Self Cite

View full text Add to dashboard Cite

show abstract

“…39 The use of internet-based technology in some emergency call systems may improve response, but this also creates a new vulnerability in the form of a cyberattack. 40…”

Section: Discussionmentioning

confidence: 99%

“…39 The use of internet-based technology in some emergency call systems may improve response, but this also creates a new vulnerability in the form of a cyberattack. 40 Proliferation of EMRs, telehealth capabilities, and networkbased equipment have increased efficiency and improved health care delivery. 41 However, increasing dependency on these tools makes the systems which rely upon them more vulnerable to disruption.…”

Section: Discussionmentioning

confidence: 99%

Reviewing the Health Care Impacts of Attacks on Critical Infrastructure

Taubman,

Hart,

Hertelendy

et al. 2023

Prehosp. Disaster med.

View full text Add to dashboard Cite

Introduction: Health care provision depends on reliable critical infrastructure (CI) to power equipment and to provide water for medication and sanitation. Attacks on CI limiting such functions can have a profound and prolonged influence on delivery of care. Methods: A retrospective analysis of the Global Terrorism Database (GTD) was performed of all attacks occurring from 1970-2020. Data were filtered using the internal database search function for all events where the primary target was “Utilities,” “Food or Water Supply,” and “Telecommunications.” For the purposes of this study, the subtype “Food Supply” was excluded. Events were collated based on year, country, region, and numbers killed and wounded. Results: The GTD listed 7,813 attacks on CI, with 6,280 of those attacks targeting utilities, leading to 1,917 persons directly killed and 1,377 persons wounded. In total, there were 1,265 attacks targeting telecommunications causing 205 direct deaths and 510 wounded. Lastly, 268 attacks targeted the water supply with 318 directly killed and 261 wounded. Regionally, South America had the most attacks with 2,236, followed by Central America and the Caribbean with 1,390. Based on infrastructure type, the most attacks on utilities occurred in El Salvador (1,061), and the most attacks on telecommunications were in India (140). Peru (46) had the most attacks on its water supply. Conclusion: The regions with the highest number of total attacks targeting CI have historically been in South America, with more attacks against power and utilities than other infrastructure. Although the numbers of persons directly killed and wounded in these attacks were lower than with other target types, the true impacts on lack of health care delivery are not accounted for in these numbers. By understanding the pattern and scope of these attacks, Counter-Terrorism Medicine (CTM) initiatives can be created to target-harden health care-related infrastructure.

show abstract

“…This is especially applicable to emergency medicine such as EMS, since systems used by EMS are becoming increasingly interconnected and dependent on information technology for daily operations. 25,26 Even during the COVID-19 pandemic, health care systems were prone to cyberterrorism. 21 The GTD does not include cases of cyberterrorism, which may be regarded as a limitation of this study.…”

Section: Recommendationsmentioning

confidence: 99%

Terrorist Attacks Against Emergency Medical Services: Secondary Attacks are an Emerging Risk

Schmeitz

Barten

Barneveld

et al. 2022

Prehosp. Disaster med.

View full text Add to dashboard Cite

Introduction: Terrorists increasingly aim at so-called soft targets, such as hospitals. However, little is known about terrorist attacks against Emergency Medical Services (EMS). Objective: This study aims to review all documented terrorist attacks against EMS that occurred world-wide from 1970-2019 using the Global Terrorism Database (GTD). Methods: Reports of terrorist attacks against EMS were extracted from the GTD from 1970-2019. Data collection included temporal factors, attack and weapon type, number of casualties, and if it was a primary or secondary attack (secondary attack: deliberate attack against the first responders of an initial terrorist attack). Reports were excluded if EMS were not a target or if it was unclear whether they were a target. Chi-square tests were performed to evaluate trends over time. Results: There were 184 terrorist attacks against EMS, resulting in 748 deaths and 1,239 people injured. Terrorist attacks against EMS significantly increased over the past two decades. The “Middle East & North Africa” was the most frequently affected region with 81 attacks (44.0%) followed by “South Asia” with 41 attacks (22.3%). Bombings and explosions were the most common attack type (85 incidents; 46.2%) followed by armed assaults (68 incidents; 35.3%). Combined prehospital and hospital attacks were first reported in 2005 and occurred seven times. The first secondary attack against EMS dates from 1997, after which an increase was observed from 10 to 39 incidents in the periods 2000-2009 and 2010-2019, respectively. Conclusions: This analysis of the GTD, which identified 184 terrorist attacks against EMS over a 50-year period, demonstrates that terrorist attacks against EMS have significantly increased during the years and that secondary attacks are an emerging risk. Bombings and explosions are the most common attack type. Terrorist attacks against EMS are most prevalent in countries with high level of internal conflicts, however, they have also occurred in western countries. These incidents may hold valuable information to prevent future attacks.

show abstract

Hacking 9-1-1: Infrastructure Vulnerabilities and Attack Vectors

Cited by 6 publications

References 4 publications

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US

Ransomware Attack Associated With Disruptions at Adjacent Emergency Departments in the US

Reviewing the Health Care Impacts of Attacks on Critical Infrastructure

Terrorist Attacks Against Emergency Medical Services: Secondary Attacks are an Emerging Risk

Contact Info

Product

Resources

About