United Healthcare Hacked -- damage severe. Months to repair

Look, you may very well be right. Perhaps the use of electronic health records has changed the system so much that a return to paper records is impossible.

However, I will again point out that the health care facilities that stay in business after a cyberattack continually mention that they do so through the use of paper records. Apparently, in an emergency paper records are sufficient to allow a functioning medical system. And that is the real meat of the matter, how to keep functioning after a debilitating cyberattack.

A couple of examples:

Memorial Health System in Ohio is struggling to restore its IT systems after a cyberattack Sunday that has significantly disrupted care and forced medical personnel to use paper records. https://www.fiercehealthcare.com/tech/memorial-health-cancels-surgeries-reverts-to-paper-records-as-it-responds-to-cyberattack

The most recent example is the ransomware attack on Prospect Medical that shutdown many clinics and hospitals. Those that stayed open mention the availability of paper records:

A ransomware attack this week on a California-based health care system forced some of its locations to close and left others to rely on paper records.…The system, Prospect Medical Holdings, which operates 16 hospitals and more than 165 clinics and outpatient centers…https://www.nytimes.com/2023/08/05/us/cyberattack-hospitals-california.html

Waterbury Hospital in Connecticut wrote on Facebook Tuesday that its computer systems “continue to be down throughout the network due to a data security incident.” The hospital has been forced to use paper records while treating patients.Prospect Medical hospitals still recovering from ransomware attack

I dunno but there seems to be lots of examples where paper record backups have been useful even in this age of intense electronic record keeping. Perhaps the inability to secure a purely electronic medical system will force a return to the old days of less documentation and more treatment. Wouldn’t be the worst thing that could happen.

None of your examples indicate that they used prior paper records to recreate days, weeks, or months of patient history, only that they started writing down what they were doing as they were doing it. That’s a reasonable kludge in an emergency, not necessarily a reasonable solution for regular, ongoing business practice.

It’s the same thing you would do if, without notice, the server went down because of a power failure or cable cut, but it would be impossible to try doing that for everything.

Remember when using a credit card meant watching the merchant dig out the swiper machine, rolling it across a carbon paper form, and imprinting the numbers from the card onto multiple copies? And realize why that was an impediment to credit card use? The world has moved on. New solutions are required.

1 Like


People commonly had indemnity plans until some time in the early 80s perhaps when HMO plans were invented.

The indemnity plans were simplified. Everything was covered. The bureaucratic time and costs were a lot less.

The other dumb fact? There was no ransomware in 1969.

How many statistical arguments are there in this world? You would not believe the range of numbers. LOL

There’s no “perhaps” here. It’s way past “definite” at this point.

That isn’t to say there is no place for paper (or manual/local methods). Obviously, when there is a power failure, or when the computers are not working properly, or when the internet isn’t working, or when there is a potential cyberattack, a facility has to use paper (or local computing methods) to keep track of everything. But as soon as the emergency is over, and the systems are working again, all that stuff has to be transferred to the normal systems. And this is what all your examples show, an issue is found with the computer system, they switch to “paper” temporarily, and then later when the systems are working again, they transcribe it all to where it belongs.

Each facility does it differently. My PCP would open a word document (literally “.doc”) and regularly enter his notes there. Then after I left, a person working in the office would take it and transcribe it as necessary into the online systems to get it ready for submission. Apparently they even have “experts” (coding experts) for this nowadays. The orthopedic surgeon that repaired my shoulder a year plus ago, would verbally, using a speech-to-text app on his iPad, speak his notes right while examining me. And he had an assistant in the room correcting the notes in real-time right after he spoke. I assume that was done so they could get the submission in as quickly as possible after the exam to avoid any work piling up and having to be done in arrears. When the system is down (internet issue, power issue, hack issue, etc) they are forced to do it later, of course.

And lest you think this is limited to the insane US medical system, it isn’t. In other countries with state-sponsored or state-subsidized HMO-like medical care, ALL care has to be entered into the on-line system properly without exception.

They weren’t meant to. They are meant to show that retaining the resources and infrastructure to use paper records can be the difference between surviving a ransomware attack or going out of business. Hospitals that were able to transition to paper records still provided medical service. Those that couldn’t failed their patients.

But I want to emphasize, that the fact that so many institutions lacked prior paper records from which to rebuild their attacked database is why so many end up paying the ransom.

I’m not sure where you got the idea that I was suggesting anything like that. My suggestion is that paper copies be used as a backup of last resort, when all else fails. The response from you and others is that it is not logistically possible. Yet, paper records were the norm 30 years ago with institutions like Blue Cross, insurance companies, and the DMV that dealt with customer numbers and transactions in the ballpark of that faced today by UHC or Prospect Medicine.

I totally agree with everyone here that paper is far less efficient than electronic. I just don’t think that makes paper irrelevant. In an era when institutions continue to demonstrate an inability to protect their online databases from bad actors, paper records provide an obvious backup system that is impregnable to malware and from which one can restore the system as well as function while the system is being restored.

The one big caveat to that is the assumption that online databases can be made safe from malware. If they can’t and major institutions cannot guarantee the confidentiality of their customers’/patients’ financial and medical records then who knows what might happen.

If the statistics out there are correct about the number of health care databases compromised by malware, then the online system is simply not working. A change is needed of some sort. Let me be clear, I am all for a paperless solution to the ransomware problem. I am also for anti-gravity cars. I am just skeptical that either is technologically feasible in the near future.

Sophos estimates that about 60% health care systems attacked by ransomware, with most having data encrypted by the malware. Healthcare Data Breaches Impact 88 Million Americans This Year - Infosecurity Magazine.

88M people seems like a lot to me.

A breech is merely unauthorized access. It doesn’t do anything to impact the functionality of the system other that to annoy the people whose data is taken. Ransomware makes the data inaccessible and the system non-functional. One discovers that right away.

1 Like

There ought to be software to detect breeches sooner.

Don’t go by IBM.

That is a laughable quote. It might have been from 1969 like another point made or from 1990. It has not been a fact for decades.

Overall, the DBIR—which is based on an analysis of more than 79,000 breaches in 88 countries—showed approximately 60% of incidents were discovered within days . However, 20% could take months or more before organizations realized something was amiss.


Statistically speaking how much imagination can be applied to statistics to nowhere?


The 88 million effected by data breaches in 2022, report from 2023…“a lot to me”. Except that they were mostly unaffected. It was merely their data was under threat and generally the threat was thwarted. That can included using back up data offsite and offline to reconstitute the database unknown to the patients.

I guess it depends on POV. This is IBM’s take:

The resulting loss of business, revenue and customers cost data breach victims USD 1.42 million on average. But the average cost of detecting and containing a breach is slightly more expensive at USD 1.44 million. And post-breach expenses—including everything from fines, settlements and legal fees to reporting costs and providing free credit monitoring from affected customers—cost the average data breach victim USD 1.49 million. Data breach reporting requirements can be particularly costly and time-consuming. What is a Data Breach? | IBM).

Ransomware attacks have evolved according to some cybersecurity companies to now typically include data theft. In this case the bad actors use malware to survey the system, identify valuable data, and steal it. They then encrypt the database and issue the ransomware threat. This makes the ransom demand more compelling as it now includes the threat of releasing confidential info as well as to provide the key to the encrypted database. Selling the confidential info on the black market is also an additional revenue stream.

Most ransomware attacks now involve the theft of personal or sensitive commercial data for the purpose of extortion, increasing the cost and complexity of incidents, as well as bringing greater potential for reputational damage. https://www.weforum.org/agenda/2024/02/3-trends-ransomware-2024/


If all that is done is to examine or steal the data and the data is left intact, there is basically nothing to detect except the mechanism of the breech … which, of course, is exactly what the vendors of entry point security do. I would really like to see statistics on number of breeches compared to installed base of each security product … including footnotes about whether the product was up to date and such. I think we would see that the vast majority of breeches were do to lack of state of the art protection and/or things like leaving the product with default passwords and the like.


Thanks, Tamhas.

You would think someone downloading gobs of data would raise eyebrows and make real folks ask questions.

No one seems to do that.


Requires clean people monitoring the logs, setting up and watching for alerts for extraordinary data volumes, new/unregistered access patterns, etc.

If its an inside job, which it frequently is, the payoff… they’re getting paid and walking away anyway.

1 Like

Ransome attacks are inside jobs? I doubt that.

Selling credit card information is a different matter.

1 Like