AP, KIEV, Ukraine :
Dr. Lidiia Podkopaieva was about to click “send” on an order of new surgical instruments when her computer monitor suddenly went dark.
She speed-dialed the clinic’s technician but didn’t even have time to tell him what was wrong.
“We’re under cyberattack,” he told her. “Switch off the computer immediately.”
The call would kick off a “crazy week” as Podkopaieva and her staff struggled with the sudden loss of half the computers at the Left Bank Pediatric Clinic in Kiev, where she serves as medical director. The central phone system collapsed, digital appointments vanished and diagnostic machines dropped offline, interrupting at least one patient’s exam. Podkopaieva said no one suffered in the attack, but academics argue that even glancing blows to medical facilities like this one represent a damaging break with international norms.
“You cannot attack hospitals,” said Duncan Hollis, a Temple University professor and a former treaty lawyer for the U.S. State Department. Although what happened at Podkopaieva’s clinic fell short of the death and destruction that would constitute an unambiguous “attack,” Hollis said the disruption was still a step in a dangerous direction.
“It’s getting close to, if not across the line of, actual harm that international law might be prohibiting,” he said.
Podkopaieva’s pediatric clinic, part of Ukraine’s Dobrobut health group, was one of thousands of victims of the data-scrambling software dubbed “Nyetya” that erupted June 27. Unlike WannaCry, a similarly quick-spreading digital worm that also disrupted hospital work earlier this year, Nyetya’s masters appear to have had the ability to draw data from their targets – meaning they either knew or could have discovered who would be at the receiving end of their attack.
Podkopaieva said the disruption to Dobrobut was considerable.
“For a moment, we were blind and deaf,” she told The Associated Press in an interview at her clinic a week after the attack. Across Dobrobut, a CT scanner, a mammography machine and four X-ray machines were disabled after the worm crippled the Windows computers they were connected to. One patient had just finished being X-rayed when the cyberattack destroyed their scan, she said. Overall, about 100 examinations had to be canceled.
Dobrobut wasn’t alone. Ukraine’s Ministry of Health says public hospitals weren’t touched, but at least two other private medical institutions in Kiev were also affected, according to the Ukrainian website Censor.NET, which published a running tally of affected firms. The media group said several pharmaceutical companies also were affected by Nyetya and anecdotal evidence suggests pharmacies across Ukraine experienced shortages when the cyberattack derailed deliveries of medication.
Volodymyr Varenytsia, who runs a drug store in the Luhansk region of Ukraine, said he ran out of iodine and Citramon, a headache medicine, in the days after June 27. The shortage lasted until deliveries resumed a full week later. Meanwhile, he had to turn some clients away empty-handed.
Dr. Lidiia Podkopaieva was about to click “send” on an order of new surgical instruments when her computer monitor suddenly went dark.
She speed-dialed the clinic’s technician but didn’t even have time to tell him what was wrong.
“We’re under cyberattack,” he told her. “Switch off the computer immediately.”
The call would kick off a “crazy week” as Podkopaieva and her staff struggled with the sudden loss of half the computers at the Left Bank Pediatric Clinic in Kiev, where she serves as medical director. The central phone system collapsed, digital appointments vanished and diagnostic machines dropped offline, interrupting at least one patient’s exam. Podkopaieva said no one suffered in the attack, but academics argue that even glancing blows to medical facilities like this one represent a damaging break with international norms.
“You cannot attack hospitals,” said Duncan Hollis, a Temple University professor and a former treaty lawyer for the U.S. State Department. Although what happened at Podkopaieva’s clinic fell short of the death and destruction that would constitute an unambiguous “attack,” Hollis said the disruption was still a step in a dangerous direction.
“It’s getting close to, if not across the line of, actual harm that international law might be prohibiting,” he said.
Podkopaieva’s pediatric clinic, part of Ukraine’s Dobrobut health group, was one of thousands of victims of the data-scrambling software dubbed “Nyetya” that erupted June 27. Unlike WannaCry, a similarly quick-spreading digital worm that also disrupted hospital work earlier this year, Nyetya’s masters appear to have had the ability to draw data from their targets – meaning they either knew or could have discovered who would be at the receiving end of their attack.
Podkopaieva said the disruption to Dobrobut was considerable.
“For a moment, we were blind and deaf,” she told The Associated Press in an interview at her clinic a week after the attack. Across Dobrobut, a CT scanner, a mammography machine and four X-ray machines were disabled after the worm crippled the Windows computers they were connected to. One patient had just finished being X-rayed when the cyberattack destroyed their scan, she said. Overall, about 100 examinations had to be canceled.
Dobrobut wasn’t alone. Ukraine’s Ministry of Health says public hospitals weren’t touched, but at least two other private medical institutions in Kiev were also affected, according to the Ukrainian website Censor.NET, which published a running tally of affected firms. The media group said several pharmaceutical companies also were affected by Nyetya and anecdotal evidence suggests pharmacies across Ukraine experienced shortages when the cyberattack derailed deliveries of medication.
Volodymyr Varenytsia, who runs a drug store in the Luhansk region of Ukraine, said he ran out of iodine and Citramon, a headache medicine, in the days after June 27. The shortage lasted until deliveries resumed a full week later. Meanwhile, he had to turn some clients away empty-handed.