Cyber Crime Junkies

Face of Cybercrime. How Cyber Attacks Kill Patients.

Cyber Crime Junkies. Host David Mauro. Season 6 Episode 85

Welcome to Bainbridge, Georgia—where a cyber attack turned Memorial Hospital into a warzone of blinking screens and silent phones. This isn't sci-fi. It's the chilling truth of how ransomware can lead to real-world deaths. In this episode, we unpack the battle between Embargo and Memorial Health, and reveal the emotional and life-threatening toll of cybercrime.


This conversation delves into the ransomware attack on Memorial Hospital in Bainbridge, Georgia, highlighting the severe impact of cybercrime on healthcare, particularly in rural areas. The discussion covers the tactics used by the Embargo ransomware group, the human cost of such attacks, and the urgent need for improved cybersecurity measures in healthcare settings. The host emphasizes the importance of proactive steps to safeguard patient care and community trust against future threats.

Takeaways

· Ransomware attacks can revert hospitals to outdated manual processes.
· Digital transformation has increased reliance on technology in healthcare.
· The Embargo ransomware group is a new and formidable threat.
· Ransomware attacks can lead to increased mortality rates in patients.
· Cybercriminals are exploiting vulnerabilities in outdated healthcare systems.
· Preventive measures are essential to safeguard patient data and trust.
· Healthcare organizations must regularly assess their cybersecurity risks.
· Incident response plans should be regularly updated and rehearsed.
· Education and awareness among staff are crucial for cybersecurity.
· Proactive steps can mitigate the impact of cyber attacks on healthcare.

Sound Bites

· "This was a method, a motive, and a new malware toolkit."
· "This isn't fiction. This is what a ransomware attack looks like."
· "Ransomware doesn't care about zip codes or mission statements."
· "Security isn't a luxury, it's a necessity."
· "Protect your data, protect your people."
· "Stay informed, stay prepared."

Chapters

00:00 The Ransomware Attack on Memorial Hospital

02:26 The Impact of Digital Transformation on Healthcare

06:53 Understanding the Embargo Ransomware Group

12:21 The Human Cost of Cyber Attacks

20:56 Preventing Future Cyber Attacks in Healthcare



Topics: How Cyber Attacks Kill Patients, Latest Hospital Cyber Attacks, Worst Healthcare Cyber Attack, How Cyber Attacks Kill, How Cyber Attacks Can Kill, When Ransomware Kills, Why Cyber Attacks Can Kill, How People Die From Cyber Attacks, How Ransomware Kills In Real Life, How To Protect Employees Online, New True Cyber Crime Examples, New Ways To Limit Cyber Liability, the people who cause ransomware attacks, cyber attack emotional affect, emotional toll of cyber attack, what a data breach feels like, ransomware, cybercrime, healthcare.


Host (00:11.48)
You know it's a great day in technology when your local hospital decides to play a little house on the prairie and turn into some rural, non-technical 1800s healthcare model. Not by choice, but because a ransomware gang held their digital brains hostage. Welcome to Bainbridge, Georgia, where Memorial Hospital went from life-saving to life on paper. Literally.

Forget email, forget EHRs, and yes, even forget pharmacy systems. It's like the Oregon Trail, but with hackers and malware. Here's what's interesting. This wasn't some random hacker or some random hacking job. This was a method, a motive, and a new malware toolkit and approach more sophisticated than most IT departments.

Stick around to the end to find out who was behind this nightmare and how they're targeting new victims right now in the Midwest here in the United States. I can tell you this, it doesn't involve horses, a prairie, or anything resembling a water-colored painted sky. Enjoy the story. Tell us your feedback in the comments below. If you like this content, please subscribe. This is Cybercrime Junkies, and now, the show.

Host (01:36.557)
Catch us on YouTube, follow us on LinkedIn, and dive deeper at cybercrimejunkies.com. Don't just watch, be the type of person that fights back. This is Cybercrime Junkies, and now the show.

Host (01:56.277)
So imagine waking up in a small town where the local hospital, which is really like the heartbeat of a bedroom community, suddenly reverts back to the 1940s. No computers, no digital records, just paper charts, harmful delays when every minute counts, and of course, frantic staff. This isn't a scene from a retro movie. It's Bainbridge, Georgia, just a few months ago.

Back on November 1st, 2024, Memorial Hospital and Manor, which serves over 120,000 residents, was hit by a ransomware attack that crippled them. Everything was down. We talk about two worlds often, and here's a perfect example and proof of what we say. 20 years ago, we had two versions of our world. We had our

computers in the hospital or computers at the office, and if they went down, I mean, come on, we were fine. We still had other ways and processes and systems. But we've all gone through this digital transformation, and because of that digital transformation, not only are all the paper files scanned in and now digital and sit on servers and systems, all of which can be hacked, but because of that

We've changed our processes. We've changed our non-technical methods of operation where we can't function when the technology goes down. And that has caused much more impact and much greater reliance on the technology that we use. Today we're diving deep into this cyber attack, uncovering who was behind it, how they executed it.

and what steps you can take literally to prevent this crap because all of these attacks are 100 % preventable. So circling back to that day in November, 2024, it was a typical crisp morning in Bainbridge. Staff at Memorial Hospital began their routines, grabbing their coffee, making their rounds, getting things hopping, right?

Host (04:21.858)
The entire time they were unaware that this threat had been infiltrating their systems.

Again, we talk about how attackers get in and they're there undetected for quite a while. So a few days go by, right? And all of a sudden, the hospital's digital systems flatline. Electric health records, EHRs, email servers, and even pharmacy systems, all of them immediately became inaccessible.

So what happened? Well, from a high level, here's what happened. They were inside. They had done their OSINT. They had done their research. They compromised the system and they got inside and then they watched and they waited for the right moment. And then, boom, it happened and they launched their attack. After that, the staff was paralyzed. Again, because we are too

on the technology that we use. The staff had to revert to manual processes, a lot of which they didn't have anymore, right? Which the result there for patients was terrible, right? It led to long wait times, increased potential for errors, a whole bunch of chaos ensued. Now it wasn't a technical hiccup. This was a full blown like cyber crisis. It started...

like any other day the morning of the attack. Cool, crisp, quiet. Bainbridge, Georgia, beautiful little town. But by the end of it, Memorial Hospital and Manor had been gutted. Patient data locked, pharmacies shut down, and lives disrupted. This isn't fiction. This is what a ransomware attack looks like when it hits home. And in rural America, offline,

Host (06:24.065)
means more than just a technical term. It can mean life or death. Today we're diving into the brutal reality of the Embargo ransomware attack and why rural hospitals like Memorial are ground zero for cyber warfare. And why was the impact so severe? Memorial Hospital and Manor was more than a medical center. It was the heartbeat of Bainbridge, Georgia.

An 80-bed hospital, 107-bed nursing home. It had emergency, surgical, and long-term care facilities there, all powered by systems and digital platforms in place on November 1st, 2024. Cybercriminals didn't just target a business that day. They targeted this county and this region's lifeline.

and 120,000 patients paid the price.

Host (07:32.897)
The rural medical facility in Bainbridge, Georgia, Memorial Healthcare, made the breach public in early November, a short time after the attack actually happened. They came public and said that their digital systems had been rendered inoperable, requiring staff to rely on manual record keeping using paper-based documentation. The full review after the forensics and

The initial first responder teams got in there, repaired, restored things as best they could, at least to get them operational, which took some time. That was completed in January, toward the end of January. It was actually January 31st. So this was the beginning of November, all of November, all of December, all of January, and then the report came out. And that confirmed the following, that names of patients and employees

Social Security numbers, dates of birth, health insurance information, medical treatment information, which is highly private. All this is private, but that stuff can be embarrassing and highly private and very damaging. Medical histories, all of them got exposed. Notification letters were sent out to those affected on February 7th.

So this was several months after the event. And those notifications went out to 120,085 individuals affected by this. They offered what? They offered complimentary credit monitoring services for 12 months. I don't know about you, but I have about 10 of those and it's always good. You should definitely freeze your credit. If you don't have your credit frozen and you live in the United States, you should freeze your credit.

Freeze your credit, and freeze your credit. And if you have children, freeze their credit. Just trust us, it's free. In our take home resources on our website, cybercrimejunkies.com, you can actually see all of the information to know exactly how to do that. So you should do it, it's free and it will stop so much harm that can come to you personally, subject to your life savings at risk, et cetera. Always, always freeze your credit. Anyway, let's get back.

Host (09:59.949)
to the story. Memorial had implemented additional security measures after the attack. Great. Would have been nice to have it before the attack, but that's still good. In which they sought to strengthen data security and prevent similar incidents in the future, of course. The stolen data, like we mentioned, listed all of those things. Here's kind of the timeline of what happened. Antivirus flags, they're just,

basic antivirus started to pop up early on November 1st. They'd pop up on and off throughout the day. By the next day after 24 hours it was confirmed that the hospital had been hit. The attacker was this group called Embargo, the Embargo Ransomware gang. And we haven't really talked about them very much on the show. We've talked about Lockbit, Black Hat, Black Suit, Black Basta.

you know, Shadow Crew, all the main ones, you know, REvil, Conti, etc. But there's a lot of these segmented newer brands, if you will, that operate very, very effectively and they're very nimble and they're very well funded. And so we're going to explain a little bit about Embargo in just a second. So this group called Embargo, which is relatively new on the scene, what they had exfiltrated, again, exfiltration,

is a fancy word for steal, what they stole was 1.15 terabytes of data. That is a lot of data. That's a lot. And they grabbed all of it. So insurance details, social security numbers, medical records, medical histories, you name it. Staff was left scrambling with paper records, wait times spiked, medical errors

and the risk thereof increased, patients had to be diverted to other hospitals, which in a rural setting can literally be fatal because every minute counts. You can't drive an hour and a half away when you need medical treatment now. So, at end of the day, this wasn't a disruption. This was a take-down.

Host (12:21.835)
And the culprit is this relatively new, formidable ransomware group called Embargo. So here's a little bit about them.

They emerged in mid 2024 and they operate under a ransomware as a service model, meaning they provide tools, they create the code, they have the brand, they host the site, the infrastructure, literally like they create the logo, they do the communication, and then they go and contract with various other cyber criminals to do different things.

Other cyber criminals don't know each other, in the true organized crime model where you have sergeants and captains and different people doing things, and they don't necessarily even know each other, so that if any one of them gets caught they can't ever tell anybody even if they wanted to. Embargo emerged in mid 2024, so shortly before this attack.

They provide tools to affiliates, these digital mercenaries, who then go and carry out the attacks. The group is like the mafia family who kind of controls the players and who the other players may not even know the other players are, right? So in this case, they deployed custom tools that were coded with a special code that's called Rust. It was done in a program language called Rust.

And Rust is really new and really loved by cyber criminals because it has all of these programs that are also written in Rust that they sell on the dark web that can divert in a way, get around detection tools. Think endpoint detection and response, EDR, things like that. Rust has the ability

Host (14:32.429)
to be coded, and there's a lot of samples on the dark web where they're able to go and take that and then get inside and turn off a lot of these detection tools so that they can operate without detection and not get caught. So they deployed these custom Rust-based tools. One of them was called MDeployer and the other one was called MS4Killer.

What they did is, just like I explained, they disabled security defenses, ensuring that their ransomware could execute without being detected ahead of time. Once inside, they stole approximately 1.15 terabytes of sensitive data, which means they exfiltrated it, including all of the patient names, social security numbers, medical records, et cetera. When the hospital didn't meet their ransom demands,

So they made a ransom demand, and we don't have data on the demand that was made. But with 120,000 patients and 1.15 terabytes of data, we know it was high. It's probably in the 5, 10 million range. That's speculation, my personal opinion, but given all the others, that's where it seems like it would be. And when the hospital didn't meet the ransom demands, what did Embargo do?

Well, they published the stolen data on their dark web leak site, which means it's available for everybody, because it gets spread out and everybody reports on it. So a little more about the Rust programming language and why cybercrime gangs are using it so much. They're doing it mainly because it gives them strategic advantages. One, there's speed and stealth

capabilities. Rust compiles to fast, efficient machine code, allowing ransomware to execute quickly while staying under the radar of many traditional antivirus tools. It also works cross-platform. So Rust runs smoothly on Windows, Linux, and even Mac OS, making attacks more scalable across different environments. Because when they land in an environment, if some tool set

Host (16:53.183)
works for deploying things in a Windows environment, but then you're moving laterally and you cut across Macs and Linux, it might not work in that environment. And the Rust systems, the systems that are coded in Rust, tend to work really smooth in all of those environments, which is part of the reason why it's so popular. The other is the low detection rate. When ransomware gangs are using programs coded in Rust,

the Rust binaries are really hard to reverse engineer, which slows down forensic investigations and makes signature-based detection harder. And there's also memory safety with Rust. Rust prevents common bugs like buffer overflows, which could crash their own tools, and therefore it makes for more stable malware. So.

At the end of the day, look, Rust gives ransomware gangs performance, stealth, and fewer coding screw-ups. It's like handing a sniper rifle to someone who's used to swinging a baseball bat. Like, it is really high-end and precision. And that's exactly what the Embargo ransomware gang did here. So now, what was the human cost? Well, let's address that.

Host (18:26.805)
Okay, so enough about Rust and the malware code language. What about the humans? What about the human cost? Well, here, what happened? There was delayed care, postponed surgeries, their electronic health record system, their EHR system, was locked, ambulances had to be diverted. This was major, right?

Studies suggest that ransomware attacks increase mortality rates. Some estimates say up to 20%. Deeper studies show approximately 45 to 68 patients have died in the United States in the past few years due to ransomware attacks at rural healthcare facilities. 45 to 68 people literally died because of ransomware attacks.

to rural healthcare in the United States in the last couple years. That's major. That's ridiculous, right? And you think that's extreme? Just ask the patients who had to be diverted to different healthcare systems entirely, requiring them to travel hours away, which is a dangerous and sometimes fatal risk. And some don't even live to tell us about it. In rural settings where medical resources are already stretched thin,

disruptions like this can be catastrophic.

Memorial Hospital's ordeal is part of a broader trend. Last year alone, 146 healthcare systems in the United States were hit by ransomware. It affected 141 hospitals. Remember the massive Change Healthcare breach. It froze systems across the country. I mean, cybercriminals are genuinely turning healthcare into a war zone.

Host (20:27.696)
They're increasingly targeting healthcare facilities. They're exploiting vulnerabilities in outdated systems and insufficient security measures. So what can be done to prevent stuff like this? I mean, what actually can be done? Memorial Hospital survived the attack, but every hour they were offline, lives hung in the balance. There was operational disruption.

The encryption of digital systems forced staff to use the manual processes we talked about, leading to delays in diagnostics and treatments. There was data compromise. Sensitive personnel and medical information of over 120,000 patients was compromised, raising concerns about privacy, future identity theft, and the fact that somebody will defend it and say, well, we haven't seen any

indicia or evidence of identity theft. Yet. Right? We don't know. Like, give it some time until it's sold and then somebody takes that data and creates fake credit cards and identities and things like that. It takes a little process, takes a little time, but it's coming because it always comes. It always happens. And then there's the effect on community trust. We talk about this a lot.

But I mean, the breach did erode patient confidence in the hospital's ability to safeguard their personal information. So if you're in leadership and you think, well, it won't happen to us. First of all, that's foolish. Think again. Ransomware doesn't care about zip codes or mission statements or your income. It only cares about a single social engineering tactic and vulnerability.

And the attackers won't get prosecuted and they won't have any remorse over bankrupting you and your organization. They were raised in parts of the world in general where we're the enemy, right? You're the enemy. You're not the good guy. You're the bad guy. What they're doing is good. And so they don't feel bad about destroying

Host (22:52.87)
everything that we've built for decades. Here the hospital responded pretty quick actually compared to others and they hired forensic cyber experts, they reported it to the FBI, they did not pay the ransom so clearly they listened to the FBI. They did get their data leaked though. They sent out 120,000 notification letters and they offered 12 months of credit.

All of that is really expensive. And let's be honest, no monitoring service can restore patient trust or undo the damage done. Memorial Hospital's experience serves to remind us all of the vulnerabilities in our healthcare infrastructure, right? Today, security isn't a luxury, it's a necessity. So here's

five main things that the industry suggests that your organization should be doing today. One, know your risk. Have an assessment. Regularly evaluate your systems, your vulnerabilities, your processes, what your threats are, how you're dealing with some of the new emerging technologies, right? Have it updated and evaluated independently. And then number two is be able to find your risk.

That's where the detection piece comes in. And you can't afford to build it. You need to buy that, right? You literally need to engage with organizations that have 24/7, you know, security operations center, eyes on glass, to be able to search for things that are real and damaging before they're able to launch.

That's really the key because not all breaches are created equal, right? The ones that are in for a long period of time do a lot more damage than the ones that get caught right away and kicked out.

Host (25:00.944)
So the third thing they always suggest and recommend is to prioritize vulnerabilities. So what does that mean? It means you have to know how bad guys can get in based on how our network is configured right now. They don't have to use social engineering. They could literally get in through these bad configurations that we have. So you need to have penetration testing and vulnerability scans so that you can identify those things and then

find out, let's say there's a hundred different things that are wrong here. What are we supposed to do? Well, there's probably only about five that are actually being exploited by hackers, by threat actors to get in. So let's identify those five, prioritize them, and get those done. That's the key. The fourth thing is to plan and to test your plan. Meaning, if you're not going to do anything for cybersecurity,

and you don't care about your customers, you don't care about the future, you're just going to fly that plane straight into the mountain. Fine. But at a minimum plan for the day of, because for you it's definitely coming, right? It's not a matter of if, it's a matter of when. And at a minimum, you should practice who does what on that day, because literally we've been called in as first responders and

On that day, people were like, I'm looking for my incident response plan we developed two years ago. It says Carl's supposed to do this. Hey, Bob, can Carl do this? Yep. Carl's no longer here. He left six months ago. They haven't updated anything. They haven't rehearsed anything. They haven't done breach simulation. We all did fire drills when we were kids, right? We all did that in school. Why? Because if you didn't, kids would die. It's the same thing here.

So create your incident response plan. It's like a living, breathing RACI document, right? Who does what, who's responsible, who's accountable, who needs consulted, who needs informed for everything. Day one, day two, day three, hour one, hour two, hour three, right? And number five, the fifth thing that they recommend is educating and protecting your end users. Education, making them aware of things.

Host (27:27.014)
getting them to lean in on their security, improve their cyber hygiene, have them do it for themselves. We do it at no cost. It's available everywhere. Just do it. Protect those people to have multi-factor authentication, DNS filtering, all those standard things that organizations have been talking about for five years straight. Just get those things done. Those are fundamental.

You do those things and the risk goes down and even should something happen, because after all you're trying to predict an intervening criminal act by a third party in the future. It's pretty hard to predict. But even when it happens, when you have those five things in place, the impact isn't going to be as much. The cost isn't going to be as much. The length of time isn't going to be as much. The disruption isn't going to be as much.

It really pays to do it. These measures, they're not just technical protocols. They are essential practices to safeguard patient care and trust. So protect your data, protect your people. And if you can't outrun the threat, you need to make damn sure you're not the slowest runner in those woods.

Host (28:53.443)
And if you're a rural hospital, the threat isn't coming in the future. It's already here. By taking proactive steps, we can protect our communities from similar threats. So stay informed, stay prepared. Let's work together to stop events like this from ever happening to your community. Want more real stories of how cybercrime is reshaping our world? Subscribe.

to our channel, Cybercrime Junkies. If you want to dive deeper, check out our website at cybercrimejunkies.com. Check us out on YouTube and our audio podcasts are available everywhere there are podcasts. Thanks for watching. And the next episode starts right away.
