Ransomware, Malware's Threat to Life
Ransomware, Threat to Life
Fifty years ago, malicious software, called malware, would not have been a familiar idea, let alone an imaginable one. Fast-forward fifty years, and you could form a hypothesis about technology in which bad people use it to threaten and harm others. This is exactly what happened when a Russian hacker group targeted the Springhill Medical Center with Ransomware, causing a newborn brain damage that led to her death nine months later.
Similar events can provide insight; one can theorize that the timeline of malware's creation tracks the severity of where it is today. Ransomware, one of the most sophisticated and severe types of malware, has only been in existence for an estimated nine years, so it is not as old as the Creeper worm from the early 1970s (Fortinet, 2022). At the dawn of computers and networks, network and system security were not even a thought, let alone the idea that malware would ever be created. This left many security holes in the early development of operating systems and networks. Those holes allowed a single KGB hacker to infiltrate United States government systems, but they also led to the emergence of superb security professionals such as Clifford Stoll, an astronomer at Lawrence Berkeley National Laboratory. He is best known for his 1986 investigation, about which he wrote a book called The Cuckoo's Egg. The book tells the story of Cliff's experience tracking down this malicious user, driven by his curiosity to find out just who had been breaking into the network.
Not long after, in 1987, the first implementation of antivirus software was developed and released. The software, named Ultimate Virus Killer, would scan for virus code sequences; today, we know these as malware signatures. Our defensive technology against malware and intruders has evolved due to our tenacity and our ability to understand what is happening in the moment. Developers and security practitioners analyze malicious code to understand how it works, then use that understanding to develop software such as an Intrusion Detection System or an Intrusion Prevention System. Both systems are good to have in a network, and they show our tenacity for developing defensive capabilities to stay a step ahead of malicious users. By this point, malware has evolved into logic bombs and many other sophisticated types, such as Ransomware. We can gather from this history lesson that malware has led to a modern-day cat-and-mouse game impacting security professionals, the government, and the public.
From the beginning, malware has been a nuisance; as security professionals, hardware, and software evolve, so do the attackers. In the 1980s, breaches were not common, but they were publicized. Imagine being Clifford Stoll in a laboratory, chasing a hacker who turned out to be a Russian KGB entity working closely with an established hacking group, then hearing about their arrests on the news, or not being able to talk about it. Clifford was able to create an intrusion detection system that alerted him every time the hacker logged into his system. Cliff was not able to create this IDS by himself, though; it took a network of skillful individuals around the globe working together to create this system.
Just as those skilled individuals worked together for a common cause, so did the brave men and women employed at the Springhill Medical Center. When Ryuk struck in July of 2019, it crippled the medical facility and sabotaged internal systems. As time passed, it was at the point of great peril that people came together to solve a common problem. Dark experiences such as these bond colleagues together, much like those who bond during a time of war. The National Library of Medicine conducted a case study examining how the COVID-19 pandemic created emotional connection over collective trauma (NCBI, 2021). Although unfortunate, individuals who have shared traumatic experiences tend to have a greater connection with one another.
The staff was under such duress that one staff member stated, “I want to run away”, but the medical staff was able to work together and create solutions to their problems. Older staff members created lessons on charting and on hand-drawing graphs of vital signs for their younger colleagues (WSJ, 2021). The Ransomware rendered the medical staff's real-time wireless tracker inoperable, and medical documents could not be accessed. As the Ransomware attack continued, colleagues were able to work together to come to a resolution; they were able to understand their purpose in life more so than ever. Younger colleagues may have been under greater duress, which is understandable given their experience level, but they had an opportunity to see what they were made of.
The younger and older staff were working together, mentoring, and educating. As the younger staff was put in a difficult position that they were never ready for, medical staff of all ages were connecting more than ever. As mentioned earlier, collective emotional trauma is a form of connection in dire circumstances. Trauma happens throughout our lives, whether through a stressful environment requiring cooperation or the death of a loved one, and it really shows how similar we are as individuals. Although the medical staff had an awful experience, the IT team that provides managed services to the medical facility must have been in quite a panic as well. They would have had to make decisions that benefit the medical facility, theorizing about what would further impact the hospital and what would reduce the impact of the attack.
Even though the IT team was experiencing its own stressful environment, it is important to understand that the Ransomware attack could have been prevented. Looking at how Ransomware works and how organizations provide optimal security for their networks will help us understand what could have been implemented to thwart an attack such as this one. Ransomware is a form of malware that spreads like a virus once it infects a system; as it does so, it encrypts every single file on that system. After the Ransomware has been deployed and files have been encrypted, the software asks for a ransom payment (CISA, 2022). The ransom is usually paid in cryptocurrency, which makes tracking down the culprits tough for law enforcement. Ransomware will infect your system either through an employee falling victim to a social engineering attack targeting their email, or through what is called a “drive-by download” while they surf the web: you could land on a webpage and download software without realizing it. Therefore, it is important to provide multiple layers of security.
There are a few solutions that the IT and security teams should use to help ensure HIPAA compliance as well as maintain a proper security posture. IBM discusses a few preferred methods to help protect against Ransomware, such as backup and recovery, and threat detection and response (IBM, 2022). As a victim, you may pay for the decryption key to decrypt your data, but your data may be corrupted even though you paid a six-figure ransom (Sophos, 2021). To help resolve this concern, it may be imperative that an organization provides a backup and recovery solution that keeps backups in three locations. These locations include the cloud and two other backups on different storage media, with one of them kept at an off-site location (Veeam, 2021). If an attack strikes the medical facility again, the IT team will be able to control the attack more efficiently and recover patient data as soon as possible.
As technology evolves, threats evolve, but so does our approach to cyber defense, through new technologies that provide threat detection and monitoring. This can be done by implementing AI-based IDS/IPS systems that take a heuristic approach to threat detection and prevention (Kaspersky, 2022). Adopting artificial intelligence software allows the creation of an impervious network infrastructure. An IDS/IPS with heuristic analysis allows the AI to look for abnormalities, especially if malware starts to run on the network. Once the abnormality is found, the malware is quarantined or removed immediately. Although heuristics can be tricked, however unlikely, it is still imperative to implement an IDS/IPS solution along with other security solutions to provide a defense-in-depth approach (Fortinet, 2022).
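The example below is added here to illustrate the kind of heuristic described above; it is not from the original essay and is not any vendor's detection logic. It flags a process that writes many distinct high-entropy files in a short window, which is what bulk file encryption looks like on disk. The thresholds, process names, paths and events are all constructed assumptions.

```python
import hashlib
import math
from collections import Counter, defaultdict, deque

# Assumed thresholds for this example; real deployments tune these per environment.
ENTROPY_BITS = 7.5    # bits/byte; encrypted or compressed data sits near 8.0
WINDOW_SECONDS = 10
MIN_FILES = 5         # distinct high-entropy files per window before flagging

def shannon_entropy(data: bytes) -> float:
    """Shannon entropy of a byte string in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(n / total * math.log2(n / total) for n in Counter(data).values())

def pseudo_random(seed: str, size: int = 4096) -> bytes:
    """Deterministic stand-in for ciphertext, built from SHA-256 digests."""
    out, counter = b"", 0
    while len(out) < size:
        out += hashlib.sha256(f"{seed}:{counter}".encode()).digest()
        counter += 1
    return out[:size]

def detect(events):
    """Return the processes that wrote MIN_FILES distinct high-entropy files
    within WINDOW_SECONDS. events: iterable of (ts, process, path, content)."""
    recent = defaultdict(deque)            # process -> deque of (ts, path)
    flagged = set()
    for ts, proc, path, content in sorted(events, key=lambda e: e[0]):
        if shannon_entropy(content) < ENTROPY_BITS:
            continue                       # ordinary text or structured data
        window = recent[proc]
        window.append((ts, path))
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()               # drop writes older than the window
        # One high-entropy file is normal (archives, images); many at once is not.
        if len({p for _, p in window}) >= MIN_FILES:
            flagged.add(proc)
    return flagged

# Constructed sample events: a charting client, a backup job, an unknown process.
CHART = b"patient chart: vitals stable, no change since last round\n" * 70
EVENTS = (
    [(float(i), "ehr_client.exe", f"/charts/{i}.txt", CHART) for i in range(8)]
    + [(3.0, "backup_agent.exe", "/backup/nightly.zip", pseudo_random("zip"))]
    + [(20 + 0.5 * i, "unknown.exe", f"/charts/{i}.txt", pseudo_random(f"f{i}"))
       for i in range(8)]
)
```

Calling `detect(EVENTS)` flags only `unknown.exe`: the backup job also writes high-entropy data, but only to a single file, so the rate condition keeps it from being flagged.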
Events such as these raise many topics and questions, whether out of concern for a friend's health or over the loss of life at the hospital. Questions could involve the technical department, with blame pointed in its direction for the incident. Conferences on planning for a better security posture to prevent such events are also occurring as a result of this event. Knowing these results, we can see the true value of understanding each topic and concern that was generated and how it has a direct and indirect impact on us as individuals and as a society.
Malicious users and cyber-criminals have had an indirect and direct impact on technology and the way we secure it. As malicious attackers became more prominent, a need for security arose, whether in the form of software or the creation of different government divisions. In 1994 the Department of the Treasury and the Department of Justice signed a Memorandum of Understanding (MOU) to create the Federal Law Enforcement Wireless Users Group (FLEWUG) (CISA, 2022). The FLEWUG was established to help raise awareness throughout the law enforcement community. Since then, the government approved the establishment of the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security in November of 2013 (DHS, 2013). CISA leads the national effort to understand, manage, and reduce risk to our cyber and physical infrastructure. Without agencies such as CISA, the majority of the security protocols, guides, standards, and tools would not be in place today. As cyber criminals evolve, so do CISA and other government agencies.
Because of groups and agencies such as CISA, there may not have been a formal investigation or elevation of awareness about the possibility of loss of life from a cyber-attack. As we can see now, the possibility is there, and the cost was the life of a newborn nine months after being born. Being able to quantify the absolute need for increased oversight of security on network and physical infrastructure will only aid in the development of capable standards and abilities to reduce the efforts of cyber criminals. We as technology professionals do this by working together, understanding the benefits, and going through the challenges of addressing these concerns.
In the last 70 years, network security has evolved as technology has evolved. The sheer expansion of the internet and the ability to connect computers together throughout the world gives everyone access to each other's data. Most individuals would not allow access to their personal data, which is why different protocols have been created and software has been implemented over the years. In the year 1971 Telnet was created, allowing the transmission of data in clear text, which lets anyone listening on that network see that data. Years passed, and Secure Shell was created in 1995 to provide encryption for data transmissions (Asis, 2017). The technology community has been able to evolve through collaboration as attackers evolve, but it is imperative that we stay proactive and not reactive to these threats so we can reap the benefits of the challenges we face.
Technology can bring those with different viewpoints together and allow individuals to see things from a different perspective. People today can go online and read about other countries, their laws, their cultures, and their economies. They can compare their lives to others', see the different foods that are made, and learn the recipes of a master chef in Indonesia with the click of a button. They can use a site called Reddit to interact with others and ask questions. Technology has provided humanity with the ability to connect with anyone and everyone throughout the globe. Through Facebook, Twitter, Instagram and other social media applications, technology has found a way to bring humans together, let them experience each other's cultures, and bring a sense of belonging to everyone.
References
A Brief History of The Evolution of Malware | FortiGuard Labs. (2022, March 15). Fortinet Blog. https://www.fortinet.com/blog/threat-research/evolution-of-malware
Dobran, B. (2021, November 4). HIPAA Compliance Checklist: How Do I Become Compliant? phoenixNAP Blog. https://phoenixnap.com/blog/hipaa-compliance-checklist
NCBI – WWW Error Blocked Diagnostic. (2021). NCBI. https://www.ncbi.nlm.nih.gov/pmc/articles/PMC7798008/
Poulsen, K., McMillan, R., & Evans, M. (2021, September 30). A Hospital Hit by Hackers, a Baby in Distress: The Case of the First Alleged Ransomware Death. WSJ. https://www.wsj.com/articles/ransomware-hackers-hospital-first-alleged-death-11633008116
Ransomware Protection Solutions – Prevent Ransomware Attacks | IBM. (2022). IBM. https://www.ibm.com/security/ransomware?utm_content=SRCWW
Ransomware Recovery Cost Reaches Nearly $2 Million, More Than Doubling in a Year, Sophos Survey Shows. (2021). Sophos. https://www.sophos.com/en-us/press-office/press-releases/2021/04/ransomware-recovery-cost-reaches-nearly-dollar-2-million-more-than-doubling-in-a-year
Stop Ransomware | CISA. (2022). CISA. https://www.cisa.gov/stopransomware
Vanover, R. (2021, November 23). What is the 3-2-1 backup rule? Veeam Software Official Blog. https://www.veeam.com/blog/321-backup-rule.html
What is Defense in Depth? Defined and Explained. (2022). Fortinet. https://www.fortinet.com/resources/cyberglossary/defense-in-depth