Incident: Ransomware Attack on Florida Hospital's Charting Software System

Published Date: 2022-01-16

Postmortem Analysis
Timeline 1. The software failure incident at Jackson Hospital in Florida happened on a Sunday night, as reported in Article 123218. 2. The article was published on 2022-01-16. 3. Estimation: Considering the article was published on January 16, 2022, and the incident occurred on a Sunday night, the software failure incident likely happened on January 9, 2022.
System 1. Charting software maintained by an outside vendor [Article 123218] 2. Computer server used to store non-critical organizational documents [Article 123218]
Responsible Organization 1. The software failure incident at Jackson Hospital was caused by a ransomware attack carried out by hackers [123218].
Impacted Organization 1. Jackson Hospital in Florida [Article 123218]
Software Causes 1. Ransomware infection in the charting software maintained by an outside vendor [Article 123218]
Non-software Causes 1. Lack of cybersecurity measures to prevent ransomware attacks [123218] 2. Potential lack of employee training on cybersecurity best practices [123218]
Impacts 1. The software failure incident, a ransomware attack on the charting system at Jackson Hospital, led to the shutdown of the hospital's computer systems to prevent the spread of the computer virus [Article 123218]. 2. As a result of the ransomware attack, the hospital had to revert to pen and paper for record-keeping, leading to a temporary disruption in the electronic records system [Article 123218]. 3. The emergency room's charting system could be offline for the rest of the week, impacting the efficiency of accessing patient records [Article 123218]. 4. The attackers encrypted a computer server used to store non-critical organizational documents, potentially affecting data security and access to certain files [Article 123218]. 5. The incident required hospital staff to switch to "downtime procedures," processing physician notes and prescriptions manually for several hours, impacting operational efficiency [Article 123218].
Preventions 1. Implementing robust cybersecurity measures such as regular security audits, penetration testing, and employee training to recognize and prevent phishing attempts [123218]. 2. Ensuring timely software updates and patches to address known vulnerabilities that could be exploited by ransomware attacks [123218]. 3. Implementing network segmentation to isolate critical systems from potential malware infections and limit the spread of ransomware within the network [123218].
Fixes 1. Implementing robust cybersecurity measures to prevent ransomware attacks, such as regular security audits, employee training on cybersecurity best practices, and network segmentation to contain potential breaches [123218].
References 1. Jamie Hussey, IT director of Jackson Hospital in Florida [Article 123218] 2. Department of Health and Human Services [Article 123218] 3. Allan Liska, senior threat intelligence at cybersecurity firm Recorded Future [Article 123218] 4. US Cybersecurity and Infrastructure Security Agency [Article 123218]

Software Taxonomy of Faults

Category Option Rationale
Recurring one_organization, multiple_organization (a) The software failure incident has happened again at one_organization: The article mentions that Jackson Hospital in Florida experienced a ransomware attack on its charting software, which led to the hospital shutting down its computer systems to prevent the spread of the computer virus [123218]. This incident indicates that the hospital faced a similar software failure issue within its own organization. (b) The software failure incident has happened again at multiple_organization: The article highlights that Jackson Hospital is just one of several dozen health care organizations across the US that have had to battle ransomware attacks since the coronavirus pandemic began. It mentions other incidents such as the University of Vermont delaying chemotherapy appointments due to a suspected ransomware attack and Memorial Health System in Ohio diverting patients to other facilities because of a ransomware incident [123218]. This suggests that multiple health care organizations have faced similar software failure incidents related to ransomware attacks.
Phase (Design/Operation) design, operation (a) The software failure incident at Jackson Hospital was primarily due to a ransomware attack on the charting software system maintained by an outside vendor. The ransomware infection was a result of external factors introduced by the attackers, leading to the failure of the system's design in terms of security vulnerabilities [123218]. (b) The operation of the system was impacted by the ransomware attack, as the hospital had to shut down its computer systems and resort to pen and paper methods to continue operations. The attack affected the day-to-day operation of the hospital, requiring staff to follow downtime procedures and process patient records manually [123218].
Boundary (Internal/External) within_system, outside_system (a) within_system: The software failure incident at Jackson Hospital was caused by ransomware infecting the charting software maintained by an outside vendor. The ransomware attack led to the hospital shutting down its computer systems to prevent further spread of the virus [123218]. The hospital's IT team had to take preemptive action to contain the hack and ensure minimal disruption to patient care. The incident required meticulous recovery efforts to ensure that no malicious code was left in the network [123218]. (b) outside_system: The ransomware attack on Jackson Hospital's charting system was initiated by external hackers who infected the software with ransomware. The attack was part of a larger trend where health care organizations, including hospitals, have been targeted by cybercriminal groups during the pandemic [123218]. The incident highlighted the vulnerability of health care organizations to external threats and the need for robust cybersecurity measures to prevent such attacks.
Nature (Human/Non-human) non-human_actions, human_actions (a) The software failure incident at Jackson Hospital was caused by a ransomware attack, specifically the Mespinoza ransomware, which infected the charting system maintained by an outside vendor [123218]. This incident was a result of non-human actions, as the ransomware was introduced into the system without human participation. (b) Human actions were involved in the response to the software failure incident. The IT director, Jamie Hussey, and his team took preemptive action by shutting down the hospital's computer systems to prevent the spread of the ransomware [123218]. Additionally, they meticulously conducted a recovery process to ensure no malicious code was left in the network, physically disconnecting and reconnecting critical systems to check for ransomware [123218].
Dimension (Hardware/Software) software (a) The software failure incident at Jackson Hospital was primarily due to a ransomware attack, which is a type of cyberattack that involves malicious software infecting a computer system. The ransomware infected the charting software used by the hospital, leading to the shutdown of computer systems to prevent further spread [123218]. (b) The software failure incident was specifically caused by the ransomware infection of the charting software maintained by an outside vendor. This software failure originated in the software itself, as the ransomware infected the system and led to disruptions in accessing patient medical histories [123218].
Objective (Malicious/Non-malicious) malicious (a) The software failure incident at Jackson Hospital was malicious in nature. The incident involved a ransomware attack on the hospital's charting system, which was maintained by an outside vendor. The ransomware infected the system, leading to the shutdown of the hospital's computer systems to prevent further spread of the computer virus [123218]. The attackers encrypted a computer server used to store non-critical organizational documents, and the IT team was assessing the potential impact on patient data and considering the possibility of paying a ransom to retrieve the files [123218]. (b) The software failure incident was non-malicious in the sense that it was not caused by accidental errors or system faults but rather by a deliberate cyberattack aimed at disrupting the hospital's operations and potentially stealing sensitive data. The incident required the hospital to switch to downtime procedures, processing physician notes and prescriptions manually while the charting system was offline [123218].
Intent (Poor/Accidental Decisions) unknown (a) The software failure incident at Jackson Hospital was not due to poor decisions but rather a deliberate attack by hackers using ransomware to infect the hospital's charting system [123218]. The incident was a result of malicious actions by cybercriminals rather than poor decisions made by the hospital's IT team.
Capability (Incompetence/Accidental) accidental (a) The software failure incident at Jackson Hospital was not due to development incompetence but rather a ransomware attack. The incident was caused by malicious actors infecting the charting software with ransomware, leading to the shutdown of the hospital's computer systems to prevent further spread [Article 123218]. (b) The software failure incident at Jackson Hospital was accidental in the sense that the hospital did not intentionally introduce the ransomware into their systems. It was a result of external malicious actors infecting the software, leading to disruptions in the hospital's operations [Article 123218].
Duration temporary (a) The software failure incident at Jackson Hospital was temporary. The hospital's charting system, which was infected with ransomware, caused a disruption in accessing patient medical histories. As a result, the hospital had to shut down its computer systems temporarily and resort to pen and paper for record-keeping [123218]. The incident led to downtime procedures being implemented, such as processing physician notes and prescriptions by hand for several hours [123218]. Additionally, the emergency room's charting system could be offline for the rest of the week, indicating a temporary impact on the system [123218]. (b) The software failure incident at Jackson Hospital was also temporary in nature. The hospital's IT team took preemptive action to contain the hack and prevent it from spreading throughout the entire hospital [123218]. The gradual recovery process involved meticulous checks on computer systems to ensure they weren't infected with ransomware before bringing them back online, indicating a temporary disruption in services [123218].
Behaviour omission, other (a) crash: The software failure incident at Jackson Hospital involved a ransomware attack that led to the hospital shutting down its computer systems to prevent the spread of the computer virus [123218]. (b) omission: The ransomware attack caused the hospital's emergency room charting system to be offline for an extended period, leading to doctors having to access patient records from other parts of the hospital network [123218]. (c) timing: The hospital had to switch to "downtime procedures" where physician notes and prescriptions were processed by hand for several hours after the computer systems were shut down due to the ransomware attack [123218]. (d) value: The attackers encrypted a computer server used by the hospital to store non-critical organizational documents, and the IT director was trying to determine if any patient data was compromised and if a ransom needed to be paid to retrieve the files [123218]. (e) byzantine: The ransomware attack incident involved the hospital's IT team meticulously checking all computer systems across the hospital to ensure no malicious code was lingering in the network before bringing them back online [123218]. (f) other: The behavior of the software failure incident also involved the hospital's IT director making the decision to shut down computer networks to contain the ransomware attack, even though it might not have been popular with some hospital staff, emphasizing the importance of securing the network [123218].

IoT System Layer

Layer Option Rationale
Perception None None
Communication None None
Application None None

Other Details

Category Option Rationale
Consequence property, delay, theoretical_consequence, other (a) death: People lost their lives due to the software failure - There is no mention of any deaths resulting from the software failure incident at Jackson Hospital [Article 123218]. (b) harm: People were physically harmed due to the software failure - The article does not mention any physical harm to individuals as a direct result of the software failure incident at Jackson Hospital [Article 123218]. (c) basic: People's access to food or shelter was impacted because of the software failure - The incident did not impact people's access to food or shelter as it primarily affected the hospital's IT systems and electronic records [Article 123218]. (d) property: People's material goods, money, or data was impacted due to the software failure - The software failure incident resulted in the encryption of a computer server used to store non-critical organizational documents at Jackson Hospital. The hospital was assessing if any patient data was affected and considering the possibility of paying a ransom to retrieve the encrypted files [Article 123218]. (e) delay: People had to postpone an activity due to the software failure - The ransomware attack led to the temporary shutdown of the hospital's computer systems, causing the emergency room's charting system to be offline for an extended period. This required the hospital to switch to manual processing for tasks like physician notes and prescriptions [Article 123218]. (f) non-human: Non-human entities were impacted due to the software failure - The software failure incident primarily affected the hospital's IT systems, electronic records, and computer networks. There is no mention of non-human entities being impacted in the articles [Article 123218]. (g) no_consequence: There were no real observed consequences of the software failure - The software failure incident at Jackson Hospital had significant consequences, including the encryption of a computer server, temporary shutdown of computer systems, and the need to revert to manual processes for certain tasks [Article 123218]. (h) theoretical_consequence: There were potential consequences discussed of the software failure that did not occur - The article discusses the potential consequences of the ransomware attack spreading throughout the hospital if not contained in time. However, due to quick action by the IT team, the hospital managed to prevent further escalation of the incident [Article 123218]. (i) other: Was there consequence(s) of the software failure not described in the (a to h) options? What is the other consequence(s)? - The article mentions the financial impact of ransomware attacks on the healthcare sector, with disruptions costing millions of dollars to organizations. Additionally, the incident highlighted the vulnerability of healthcare organizations to cybercriminal groups during the pandemic [Article 123218].
Domain health (a) The failed system was intended to support the healthcare industry. The incident occurred at Jackson Hospital in Florida, a healthcare facility, where the charting software used by doctors to access patients' medical histories was infected with ransomware [Article 123218]. The hospital had to resort to pen and paper methods to continue operations, showcasing the critical role of the software in supporting healthcare services. Additionally, the article mentions that several health care organizations across the US have faced ransomware attacks, emphasizing the vulnerability of the healthcare sector to such incidents [Article 123218].

Sources

Back to List