In the 2nd quarter of 2016, 88% of all ransomware attacks targeted healthcare entities. In one high-profile case, Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 in bitcoin to restore their files.
So what makes healthcare organizations such an attractive target? There are several contributing factors.
1) Healthcare organizations often pay the ransom.
Healthcare organizations put a high priority on patient data security, and rightly so. According to the PwC Health Research Institute, nearly 40% of consumers would abandon or hesitate using a health organization if they learned it was hacked.
Security expert Mac McMillan was quoted by Healthcare IT News as saying:
“In most instances, the majority of security and law enforcement professionals would advise against paying the hackers, because, 1) there is no guarantee you will get the decryption key, and 2) there is the fear that it will encourage others to follow suit. I would argue that is easy advice to give if you are not the one looking down the barrel of the ransom note. Until you have walked in those shoes, you don't really know what you will do.”
Rather than take the risk, many organizations simply feel they and their patients will be safer by paying the ransom.
2) The perception is…healthcare is easy prey.
Cyber criminals, like any other brand of criminals, focus efforts on the easiest target with the highest perceived payoff. Many industries have hardened their defenses at a pace that far outstrips that of healthcare. In fact, one security firm ranked the healthcare industry in 9th place for its overall security compared to other industries.
“Where a financial-services firm might spend a third of its budget on information technology, hospitals spend only about 2 to 3 percent.”
Chief information officer, Beth Israel Deaconess Medical Center in Boston.
3) Stolen healthcare records are the gift that keeps on giving.
Regardless of whether thieves collect any ransom, they can easily sell stolen patient records on the black market. In fact, most criminals would rather sell your data than attempt to use it. Why? Risk vs. reward.
Stealing an identity and using it for financial gain not only takes time, but it also leaves a trail for investigators to follow. Quick cash can be made by simply selling stolen patient files.
How much is the data worth? Records can be auctioned off for as little as $12! That’s right…only $12; but $12 multiplied by thousands of records is a tempting score.
Threat intelligence analyst Terrance DeJesus says,
“Hackers are likely interested in healthcare because of a perception that it is less tech savvy than finance or other industries, and because the personal data from electronic medical records is attractive for identity theft.”
Specifics of a ransomware attack
Typically, an attacker will research and target a specific organization or even a high-level individual within the organization (whale-phishing). However, the techniques used to gain access to the network are usually quite familiar and even low-tech, most often including sending emails (seemingly from a known or trusted sender) that encourage the targeted victim to reveal confidential information (spear-phishing).
Once network access is acquired, malware can “lock” access to the system or encrypt sensitive files. Large amounts of money are then demanded to unlock the files or restore access to the system. (Generally, the attacker has a list of file extensions or folder locations that the ransomware will target.)
Because the files are encrypted with strong, military-grade encryption algorithms, it is nearly impossible to decrypt them without the original encryption key – which only the attackers will have.
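As an added example (not code from the original article), here is a small Python detector for the file-targeting behaviour described above. It compares two snapshots of a file share and flags the signals an encryption run leaves behind: targeted documents that vanish under a new extension, documents rewritten in place with near-random (high-entropy) content, and new files carrying an unfamiliar extension. The extension list, paths and sample contents are constructed for illustration.

```python
import math
import os
import random
from collections import Counter

# Extensions a ransomware family commonly targets (assumed, illustrative list).
TARGET_EXTS = {".doc", ".docx", ".pdf", ".xls", ".xlsx", ".jpg", ".png", ".db"}

def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte; encrypted (or compressed) data sits near 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def ext_of(path: str) -> str:
    return os.path.splitext(path)[1].lower()

def ransomware_indicators(before: dict, after: dict,
                          entropy_threshold: float = 7.0, min_ratio: float = 0.5) -> dict:
    """Compare two snapshots (path -> bytes) and report ransomware-like changes.
    A share is flagged when at least min_ratio of the targeted files were renamed
    away or rewritten in place with near-random content."""
    targeted = [p for p in before if ext_of(p) in TARGET_EXTS]
    missing = [p for p in targeted if p not in after]            # renamed/removed
    encrypted_in_place = [p for p in targeted if p in after and after[p] != before[p]
                          and shannon_entropy(after[p]) > entropy_threshold]
    new_unknown = [p for p in after if p not in before and ext_of(p) not in TARGET_EXTS]
    ratio = (len(missing) + len(encrypted_in_place)) / len(targeted) if targeted else 0.0
    return {"targeted": len(targeted), "missing": missing,
            "encrypted_in_place": encrypted_in_place, "new_unknown_ext": new_unknown,
            "affected_ratio": ratio, "suspicious": ratio >= min_ratio}

def demo() -> dict:
    """Constructed snapshots of a small EHR share before and after a simulated run."""
    plain = b"Patient: J. Doe, DOB 1970-01-01, Dx: hypertension, Rx: lisinopril\n" * 60
    rng = random.Random(1234)  # deterministic stand-in for ciphertext, not a real cipher
    cipher = bytes(rng.randrange(256) for _ in range(4096))
    before = {"/ehr/notes/visit1.docx": plain, "/ehr/notes/visit2.docx": plain,
              "/ehr/scans/xray.jpg": plain, "/ehr/app/settings.ini": b"[db]\nhost=localhost\n"}
    after = {"/ehr/notes/visit1.docx.locked": cipher,   # renamed and encrypted
             "/ehr/notes/visit2.docx": cipher,          # encrypted in place
             "/ehr/scans/xray.jpg": plain,              # untouched
             "/ehr/app/settings.ini": b"[db]\nhost=localhost\n"}
    return ransomware_indicators(before, after)
```

In practice the snapshots would come from a file-integrity monitor or periodic directory walk, and a `suspicious` result is the trigger to isolate the host and verify that backups are intact and offline.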
How to prevent ransomware
The federal government has even issued guidance for the healthcare industry and HIPAA regarding ransomware. However, some common-sense prevention will greatly reduce the chances of a ransomware infection.
- Don’t click on any attachment or link in an email unless you have verified the source. Always be suspicious of any communication that seems “odd” or “out of place.” When in doubt, verify with your IT department before you do anything.
- Don’t delay verifying questionable emails with IT. Others in your organization may have received the same email. Given enough advance warning, IT can typically respond to the threat before it spreads.
- Ensure confidential, sensitive, or important files are securely backed up. Among the success stories, two hospitals (Ottawa Hospital and Methodist Hospital in Henderson, KY) fended off ransomware attacks because they had good backups and backup systems.
Are you confident that your organization is prepared to prevent or recover from ransomware and other security threats?