A number of devastating cyberattacks across Alaska have prompted many public entities to redouble their digital security measures, and Petersburg Medical Center is among them. The hospital is revisiting its cybersecurity practices in response to two hacks over the last year. It all started at an October 26, 2023 Hospital Board meeting, in the middle of a resident’s speech.
Glo Wollen was addressing the hospital board at the podium in the Borough Assembly Chambers, with her toddler at her side. She was there to speak up for the continuation of the hospital’s in-house childcare program, Kinderskog.
As she nears the emotional crescendo of her speech — a story about her late mother, who worked at the hospital — she’s cut off. The room goes wild.
Hospital staff had lost control of the meeting’s Zoom feed, where anyone from the public can join in remotely.
An anonymous guest filled the chat with racial slurs, and then they show a video of a man exposing himself. That image is projected onto a large screen right next to Wollen — for everybody in the room to see, including several children.
Almost a year has passed since that meeting. But Wollen says what she saw that day is seared into her brain.
I was giving my spiel, and all of a sudden… I look up and there’s like this- I didn’t even know what I was seeing! It was so bizarre that I think I expressed: ‘Oh my!’ And it was laughable, because it was, you know, it was so bizarre! And then it comes out that the ramifications for this kind of thing are pretty severe…
Jill Dormer, Petersburg Medical Center’s chief information officer, said the incident went all the way up to the FBI.
“Because there were small children in the room, we actually went to the FBI, [and] gave them all the information as far as trying to find who the attacker was,” said Dormer. “All of which is nearly impossible, because they were using random IP addresses. The FBI was pretty transparent that they would research it, but [there is a] very low possibility of finding who actually did it.”
That wasn’t the last time the hospital would tangle with hackers. This spring, one of their printers was attacked, making it churn out page after page of political propaganda.
Dormer said that’s when they knew it was time to look over their policies.
“We need to be vigilant to make sure that we’re adapting and keeping up with this ever changing world that we’re in,” said Dormer. And the only way to really do that is to make sure that we’re collaborating with our vendors and using all the right tools and doing the education that we need.”
Petersburg’s hospital board is far from the only public entity in Alaska to be targeted by hackers in the last few years. This spring, the Delta Junction City Council experienced a similar “Zoom-bombing” event, when internet trolls disrupted their meeting with a pornographic video.Digital bad actors have hit other public entities across Alaska even harder.
Several municipalities in Southeast were scammed out of close to a million dollars over the last few years. Six years ago, a cyberattack kicked the Mat-Su Borough completely offline. Borough employees had to break out pens, paper, and typewriters until they could scrub all the ransomware from their servers. Dormer said her nightmare scenario for Petersburg’s hospital looks something like that.
“Ransomware actually shuts your whole system down,” said Dormer. “And so, they go to a complete paper-based system, which puts them back 20 years, and they see a decline in services. They’re not able to take care of as many patients at once, and a lot of their systems, both clinically and financially, fall apart. I would hate to see that happen [on our campus.]”
Mark Breunig, Alaska’s coordinator for the Cybersecurity and Infrastructure Security Agency, said hackers are targeting Alaska with alarming frequency.
“It used to be: ‘Well, why would anybody attack Alaska?’ said Breunig. “What are they going to go after? Our moose and salmon?’ But that has all changed. Because now there’s a lot more sophisticated tools that adversaries have. An internet connection now is an internet connection — it doesn’t matter where you are.”
Breunig said that Alaskans’ vulnerability to cyberattacks has increased alongside the expansions of internet access across the state through things like the satellite service, Starlink — and the state’s rural communities contain particularly juicy targets.
“It’s target-rich, but resource-poor,” said Breunig. “And I don’t mean that in any negative way! I talk with people all the time out in rural communities where, if they have an IT shop — and [in] many cases, they don’t — it’s one person, and so they do not have the staff to do it. They don’t have the money to buy the systems. They may not even have the training or anything, and so they feel completely hamstrung, and don’t know what to do, [or] how to do it.”
But he has some advice for Alaskans who want to protect themselves from hackers. There are the basics: like educating employees on safe online conduct, and setting up Virtual Private Networks — or, VPNs — for teleworkers. VPNs basically create a private connection between the user’s computer and a remote server – masking their data, so nobody else can see it.
Breunig said there are also a number of governmental and nonprofit groups — like the Cybersecurity and Infrastructure Security Agency, CyberSecure Alaska and InfraGard — that help rural entities identify threats and counter them.
But as to what those countermeasures are? He can’t say too much. That’s because he doesn’t want to show his hand — in case the hackers are listening.
