<img alt="" src="https://secure.hims1nice.com/151009.png" style="display:none;">
" style="background-color: #2c3e50;">


Ransomware in Healthcare Organizations [is your patient data safe]

Posted by Brad Watson on Apr 28, 2017 11:57:31 AM
Brad Watson
Find me on:

Data Security and Cloud Backup with KiZAN


In the 2nd quarter of 2016, 88% of all ransomware attacks targeted healthcare entities.  In one high-profile case, Hollywood Presbyterian Medical Center in Los Angeles paid $17, 000 in bitcoin to restore their files

So what makes healthcare organizations such an attractive target?  There are several contributing factors.

1) Healthcare organizations often pay the ransom.

Healthcare organizations put a high priority on patient data security, and rightly so.  According to the PwC Health Research Institute, nearly 40% of consumers would abandon or hesitate using a health organization if they learned it was hacked. 

Security expert Mac McMillan was quoted by Healthcare IT News as saying:

“In most instances, the majority of security and law enforcement professionals would advise against paying the hackers, because, 1) there is no guarantee you will get the decryption key, and 2) there is the fear that it will encourage others to follow suit. I would argue that is easy advice to give if you are not the one looking down the barrel of the ransom note. Until you have walked in those shoes, you don't really know what you will do.”


Rather than take the risk, many organizations simply feel they and their patients will be safer by paying the ransom.

Connect with KiZAN on Linkedin

2) The perception is…healthcare is easy prey.

Cyber criminals, like any other brand of criminals, focus efforts on the easiest target with the highest perceived payoff.  Many industries have hardened their defenses at a pace that far outstrips that of healthcare.  In fact, one security firm ranked the healthcare industry in 9th place for its overall security compared to other industries.

“Where a financial-services firm might spend a third of its budget on information technology,
hospitals spend only about 2 to 3 percent. “

John Halamka
 Chief information officer
Beth Israel Deaconess Medical Center in Boston.


3) Stolen healthcare records are the gift that keeps on giving.

Patient Data is a valuable commodity.  Is your data secure?

Regardless of whether thieves collect any ransom, they can easily sell stolen patient records on the black market.  In fact, most criminals would rather sell your data that attempt to use it.  Why?  Risk vs. Reward. 

Stealing an identity and using it for financial gain not only takes time, but it also leaves a trail for investigators to follow. Quick cash can be made by simply selling stolen patient files. 

How much is the data worth?  Records can be auctioned off for as little as $12!  That’s right…only $12; but $12 multiplied by thousands of records is a tempting score.

Threat intelligence analyst Terrance DeJesus says,

“Hackers are likely interested in healthcare because of a perception that it is less tech savvy than finance or other industries, and because the personal data from electronic medical records is attractive for identity theft.”


Specifics of a ransomware attack

Typically, an attacker will research and target a specific organization or even a high-level individual within the organization (whale-phishing).  However, the techniques used to gain access to the network are usually quite familiar and even low-tech, most often including sending emails (seemingly from a known or trusted sender) that encourage the targeted victim to reveal confidential information (spear-phishing).

(Note the high-profile DNC/John Podesta/Wiki-leaks scandal).

Once network access is acquired, malware can “lock” access to the system or encrypt sensitive files.  Large amounts of money are then demanded to unlock the files or restore access to the system.  (Generally, the attacker has a list of file extensions or folder locations that the ransomware will target.)

Due to military grade encryption algorithms, it can be nearly impossible to decrypt the files without the original encryption key – which only the attackers will have.


How to prevent ransomware

Given the nature of the attacks, hospitals face two challenges:

  1. Designing systems that can resist attack
  2. Training employees

The federal government has even issued guidance for the healthcare industry and HIPAA in regards to ransomware. However, some common-sense prevention will greatly reduce the chances of a ransomware infection. 

Use OneDrive for Business to securely store files(OneDrive for Business cloud backup may be a good fit for your organization to store sensitive files.


Are you confident that your organization is prepared to prevent or recover from ransomware and other security threats?  



Doctor working on a laptop at the office.jpegInterested in Healthcare Data Security?

Check out our blog

"Healthcare Security Demystified"

 Read Now


Topics: Security, Disaster Recovery, Business Continuity

Subscribe Here!