List of organizations hacked by ransomware group Play found on the dark web. Play allegedly hacked Lowell's municipal network on April 24th, and on May 11th he released 5 GB of data. (Courtesy of Brett Callow)
Sophisticated cyberattacks targeting state governments and healthcare systems demonstrate the need for a coordinated approach to mitigating the damage caused by these disabling hacks.
It was exactly one year ago that Lowell's municipal computer network was compromised.
Online ransomware group Play claimed responsibility for the massive cyberattack and boasted that it had published 5 gigabytes of data obtained from the theft and posted it on the dark web.
Five months later, Lowell still has not fully recovered from this network breach, and the city government has lost access to phone services, email, finance, human resources, asset management, revenue systems, and ancillary services such as Dog, Business, etc. is no longer available. And a marriage license.
During that time, city officials faced the daunting prospect of rebuilding servers and networks, installing new equipment, creating secure user access portals, and training employees on cybersecurity.
Lowell police reported in September that critical functions still could not be performed from patrol car computers, forcing officers to log on to nearby precincts or police headquarters to complete shifts. However, this was a tedious and time-consuming process.
More recently, widespread hacks of health care payment services continue to inflict severe financial pain on the state's health care providers.
As reported by the State House News Service, February's devastating cyber attack on Change Healthcare cost the Massachusetts health system approximately $24 million per day and forced health care providers to pay health insurance companies a financial loss. I was forced to seek redress.
The Massachusetts Health and Hospital Association estimates the average daily cost of an attack to be $24.154 million, based on a survey reflecting responses from 12 hospitals and health systems.
“Depending on how long it lasts, it's just kind of a snowball effect,” Karen Granoff, MHA's senior director of managed care, told the News Service at the time. “The longer you don't get paid, the more problems you're going to have.”
UnitedHealth Group announced that its Change Healthcare System, a provider of revenue and payment cycle management that connects payers, providers and patients within the U.S. health care system, will be back up and running by the end of March.
However, as of mid-April, UnitedHealth Group said, “We are committed to eliminating the impact on consumers and health care providers of this unprecedented cyber attack on the U.S. health care system and Change Healthcare Services, and to ensure that the “We are still working on continuing to expand financial support to health care providers who
No matter what safeguards are put in place, whether in the public or private sectors, it has become clear that they are insufficient to prevent these costly attacks.
Last year, municipalities, local school districts, and other municipalities could apply for up to $7.2 million in funding through the Local Government Cybersecurity Grant Program. However, an individual applicant's application amount was limited to his $100,000.
Additionally, $1.8 million available through the State Shared Cybersecurity Grant Program allows local governments to request up to $100,000 in federal funding.
In a state of 351 cities and towns, plus the Devens Economic Development District, these temptations have fallen far short of what these communities and institutions want.
A recently established public-private partnership aims to fill the void in cybersecurity oversight.
On April 10, the nonprofit organization CyberTrust Massachusetts announced the launch of an important new cyber assessment and monitoring service. This will give the state's cities and towns access to new capabilities to help reverse the trend of escalating cyber-attacks, ransomware, infrastructure disruptions and data breaches.
The effort begins with a program sponsored by Plymouth County for all of its municipalities.
Founded in 2022, CyberTrust Massachusetts brings together a consortium of university and industry partners across the state to grow and diversify the cyber workforce and help cities and towns, especially cities and towns with scarce resources. We are strengthening the security of our organizations.
This diverse collaboration has prompted the creation of a statewide security operations center, with an interim facility on the Bridgewater State University campus and later this year at Springfield Union Station led by Springfield Technical Community College. A permanent facility will be set up at and other area schools.
“Massachusetts has taken a unique approach to solving challenges related to cyber workforce development and local government cybersecurity through collaboration between business, higher education, and government. For customers, it means access to state-of-the-art cyber solutions with trusted advice and support at an affordable price,” said Peter Sherlock, CEO of CyberTrust Massachusetts. “CyberTrust Massachusetts, the communities we serve, and our member universities are committed to providing financial support and programmatic guidance to help us train and protect our work-ready workforce. We are grateful for the role of the Massachusetts Legislature and the Healy-Driscoll Administration through the MASTEC Collaboration in supporting underserved populations,” said Jay, former Secretary of Housing and Economic Development and Chairman of Massachusetts CyberTrust. Ash said.
Last October, the Healy-Driscoll administration demonstrated its support by announcing a $2.3 million grant to CyberTrust Massachusetts through the MassTech Collaborative's MassCyber Center.
This may not be an overnight solution to every cybersecurity challenge faced by local governments and other organizations, but it promises to create a comprehensive cyber expertise base at an affordable price. It has been.
