Chapter 4 - It's About Business 4.1 - Hospitals for Sick Children (SickKids) Goes Code Gray Flashcards
What is a Code Gray? What happened to SickKids on December 18, 2022?
Code gray represents a system failure. SickKids hospital announced that on December 18, 2022 at 9:30 pm that telephone lines and network systems had shut down and failed. They announced that patient care could still continue but that they had taken down websites and systems and was working to fix the cybersecurity incident.
What was the verdict of the hospital on December 22? What did the hospital state about their readiness?
The attack was clear as the system. was still down and they were still continuing the care. The hospital stated that they were very ready for the attack, and are working with the law and experts to respond to the attack.
What happened in the hospital because of the attack?
It took much longer than usual to get lab and imaging results, and physicians could not send medical prescriptions online and were using downtime methods of manual prescriptions. The employee payroll system was also down so they implemented an emergency recovery plan to pay the employees.
What happened to Indigo at the same time as the SickKids Hospital?
They stated that they were facing a cybersecurity incident and were having troubles with customer orders, that delays would happen and that. The online ordering system was down online and in brick and mortar stores. The customers had to pay in person for their orders with cash, and the company could not do returns or accept gift cards.
Who was behind the attack that harmed these kids?
On December 31, 2022 the Canadian press accessed the dark web and a ransomeware group called LockBit made its announcements. They had an apology for the attack on the SickKids and provided decryption tools to get its data and system. LockBit had stated that it was their partner who had launched the attack and that they were not responsible for it.
What was the legitimacy of the decryption tool offered? What did the hospital end up doing? How much of the firm were they able to recover?
Emsisoft, A Canadian anti malware company said that this was the first time they had heard of the apology and the free decryptor. They did not end up using it as they could not confirm the validity. At this time about 60% of the systems had been restored without paying the perpetrators. On January 5, 2023 the code gray was lifted and they had 80% recovered.
What happened to the hospitals Electronic Medical Records?
It has not been affected or exposed and described that the number of treatment delays only affected a small number of people.
What happened at Chapters Indigo two days after the attack and what were they able to confirm regarding this? When was Indigo able to process returns again and what happened to this webpage on the same day?
- They were able process debit and credit two days after the site remained down. Confirmed on Feb 14, 2023 no debit and credit information was stolen.
- They were able to process returns again on February 17th. They allowed customers access to their website but it could only be used for information browsing.
What did the Chapters Indigo confirm on March 1? When were they able to recover their systems?
Their systems had been hijacked by a software known as Lockbit, Indigo refused to pay the Ransom and got the website function again on March 8th.
What was Indigos temporary solution during this attack?
Used Indigo that provided limited services and some sales too allow for the continuation of the company.
What percentage of businesses were affected by cybercrime in 2021?
1/5th of all the businesses
How much do companies spend on preventing or detecting cybercrime?
9.7 billion in 2021, up by 2.8 billion in 2019.
For companies that experienced down time, what was the average time and what issues did they face?
They experienced down time of around 36 hours, loss of revenue, employees unable to complete their work or taking much longer than usual to get it done.
What was the ransom fee that was typically paid?
600 million in 2021, up 400 million from 2019. However it is believed this data is underreported.
What has been the result of high volumes of ransomeware and cybersecurity crimes?
Significant law enforcement efforts, like the capturing of a Russian Canadian who was apart of Lockbit in which they were able to capture important information from his computer.
