Jonathan Lee 25 January 2021

The five human impacts of ransomware attacks

The five human impacts of ransomware attacks image

When we think about a ransomware attack, we often think of the multi-million pound demands from ruthless cybercriminals, or the multinational corporate giants kicked offline for days at a time while being held to ransom. However, we’re beginning to see a more malicious, devastating consequence of ransomware attacks – the human cost.

The unique combination of responsibility for essential services and budget-constrained cybersecurity teams, makes public sector organisations the perfect target for ransomware gangs. Cyber attacks on these organisations have a very real and sometimes dire impact on the people relying on them. Looking at five recent attacks on public services, we understand the damage ransomware operators can do in a bid to get victims to pay up.

1. Patient care in medical facilities

In September of last year, a ransomware attack on The Duesseldorf University Clinic in Germany resulted in the death of a patient receiving emergency life-saving treatment - the most extreme possible consequence of ransomware attacks on healthcare organisations. It is the first instance of a ransomware attack being treated by investigators as a negligent homicide. Sadly, it’s not the only case.

Around the same time, healthcare provider Universal Health Services - which has facilities across the US and Britain - was hit with a Ryuk attack that took down 250 US hospitals and clinics. While no patients died in this instance, healthcare professionals were without access to lab results, imaging scans, prescriptions, and other critical pieces of information needed to provide safe patient care. What’s more, staff were left scrambling to figure out which patients had been infected by COVID-19 - putting both employees and patients at greater risk.

2. Social services

Alongside hospitals, local councils struggling with the challenges of the pandemic also suffered from ransomware in 2020. For example, a cyber attack on Redcar and Cleveland’s Council’s website cost it £10.4m. This hefty cost to the council, came alongside disruption to essential services such as online appointment bookings, council housing complaints and social care systems - at a crucial time in the pandemic.

Monetary cost aside, the cost to people’s wellbeing was huge. The Redcar attack took out its social care advice services, vital services used by the most vulnerable in society. This left people without the ability to claim benefits, disability allowances and gain advice for those working with disabled and frail people.

3. Collapse of housing

One of 2020’s widely reported attacks on the public sector was that on Hackney Borough Council in October, which caused wide-spread disruption to housing, social services and payments processing. Months later, some systems are still inaccessible - with these departments having to conduct work manually while they are rebuilt.

The result? Property purchases for a number of residents were delayed or collapsed as the council cannot process land search requests - which inform buyers about planning decisions, building regulation matters and conservation. These individuals were still left with expensive estate agent fees.

4. Emergency services

The increasing number of attacks on emergency services has shown that there is a chink in their armour, which cybercriminals have no qualms about exploiting - regardless of whether human lives could be lost or not.

In 2019, the 911 dispatch service and law enforcement in Jefferson, Georgia experienced an outage which turned screens blank and made remote control of the jail cell doors and electronic controls impossible. For officers on the road this meant losing the ability to monitor emergencies or run licence plates, hindering the service and putting law enforcement at greater risk.

5. Disrupted transportation

Although most travel plans are curbed while the pandemic continues, transportation is a tempting target for greedy ransomware gangs. At the end of last year, Vancouver’s public transport provider was targeted by the Egregor ransomware gang, which had both encrypted and stolen data - threatening to make private data available to the public should they not pay up. Along with the very real threat of sensitive data being released, the attack itself disrupted the trip planning tool and meant customers couldn’t use credit or debit cards to purchase tickets, preventing millions of users from travelling.

2020 saw huge challenges, and sometimes devastation, for the public sector - both regarding the pandemic and ransomware. In some cases, it was the perfect time to hit for malicious gangs. With increased reliance on healthcare, local government and emergency services, keeping cyberattacks at bay has never been more important. The examples above show that robust cybersecurity practices are needed not just to save money, but to save lives.

Jonathan Lee is director of public sector relations at Sophos

For your free daily news bulletin
Highways jobs

Environmental Health/Environmental Protection Officer - Noise

Tower Hamlets London Borough Council
£41,607.00 - £44,598.00
This post attracts an essential car user allowance. The post holder is able to take part in the Council's flexible working scheme. Tower Hamlets, London (Greater)
Recuriter: Tower Hamlets London Borough Council

Director of Financial Services (Deputy Section 151)

London Borough of Waltham Forest
£110,118 to £118,864
his is a great opportunity to develop the skills and knowledge that will lead to becoming a Section 151 Officer. Waltham Forest, London (Greater)
Recuriter: London Borough of Waltham Forest

Director of Business Development

North Yorkshire County Council
50-60k + relocation allowance
We are looking for a dynamic and innovative person to help us deliver our ambitious new strategic objectives set out in... North Yorkshire
Recuriter: North Yorkshire County Council

Strategic Service Manager - Bridgend Youth Justice Service

Bridgend County Borough Council
£44,863 - £45,859 per annum
An exciting opportunity has presented to lead Bridgend Youth Justice Service. Bridgend (Pen-y-bont ar Ogwr)
Recuriter: Bridgend County Borough Council

Corporate Property Surveyor

Ashford Borough Council
£34,476 to £37,158 pa - plus Lease Car or Cash alternative of £2,080 pa
Ashford Borough Council has a long and proud record of driving high quality place making. Ashford, Kent
Recuriter: Ashford Borough Council

Public Property

Latest issue - Public Property News

This issue of Public Property examines how how flexible workspaces can lead the way in regeneration for local authorities, Why local authority intervention is key to successful urban regeneration schemes and if the Government’s challenge of embracing beauty is an opportunity for communities.

The March issue also takes a closer look at Blackburn with Darwen Council's first digital health hub to help people gain control over health and care services.

Register for your free digital issue