CDE Reports that Cancer Death Cluster Linked to Cyberattack

This morning the Center for Disease Eradication in Atlanta, GA announced that it had determined that a cancer death cluster in Alabama was caused by a cyberattack on infusion pumps being used for chemotherapy at the Thomas Parran Health Clinic, Notasulga, AL. Twenty-five people had died in the area in the three months before the investigation was initiated from various types of cancer; all of them had been treated at the Parran Health Clinic. Ten more people died before the cause of the deaths was determined to be linked to the infusion therapy being provided at the clinic. Taliaferro Clark, Director of the Parran Clinic told reporters that he and the clinic staff were devastated that they had in any way contributed to the death of their patients. “We established this clinic in Notasulga to provide advanced cancer treatments to the underserved population of the area,” he said: “The very idea that our attempts to help these people accelerated their demise is heartbreaking.” Most of the patients at the clinic are black and low income. The clinic charges no fees for their treatment. Julius Rosenwald, CDE spokesperson, told reporters this morning that investigators quickly determined that the proximate cause of death was high-rate of chemotherapy drug administration leading to toxic events in the body. “We reviewed the clinic protocols for therapy and found them to be well within established norms,” Rosenwald said; “We then had the Clinic demonstrate their protocol on a simulated patient and determined that 80% of the chemotherapy drugs were administered within the first five minutes of the two-hour infusion. Our attention then turned to the infusion pumps.” Kate Libby, a Senior Investigator with Dragonfire Cyber, was brought in to look into the infusion pump programming. She explained that the model of infusion pumps being used at the clinic were no longer under support by the manufacturer but had recently been refurbished before they were donated to the clinic. “We looked at the programming on the devices and discovered that it had been significantly altered from the last version provided by the manufacturer, Vaernet Medical,” Libby explained; “When the infusion rate was set into the pump, the program set two infusion rates so that the bulk of the drugs were administered immediately and the remainder over the rest of the infusion period.” Libby also reported that there were comments in the code that indicated that it had been prepared by a group called ‘Aryan Coders for Victory’. Once a cyber attack had been documented, the CDE brought the Federal Bureau of Inquiry into the investigation. The FBI contacted Eunice Rivers, the lawyer that handled the donation of the infusion pumps to the Clinic. That donation was anonymous, but Rivers was able to provide a name, address and description of the person that approached her to deal with the donation process. The FBI is still looking for that person and is currently withholding the name from the press. Ms Rivers issued a statement that she is fully cooperating with the FBI, but will not discuss the matter in public. CAUTIONARY NOTE: This is a future news story –Future ICS Security NewsRead More