Editor's View: Healthcare Data Pirates

June 7, 2016

The advancement of technology is certainly a double-edged sword, and there is no better example of that than your organization’s IP network. It can identify and authenticate both logical and physical access control transactions, stream and store vital video data, and amass vast stores of informational data and records that are easily retrievable. Yet this workhorse of technology has vulnerabilities that seem to be uncovered almost every week by those dedicated to compromising your precious data.

The twist now, however, is that these so-called “data pirates” not only can steal your information or hold it hostage; they want you to pay them to get it back. This relatively new world of “ransomware” attacks has affected several specific industry markets, but none more devastatingly than the healthcare sector. And the reason is simple. It's pure economics when you consider that private medical records are usually worth almost 50 times more on the black market than your run-of-the-mill stolen credit card or social security number because they contain much more personal information. According to a Ponemon report, criminal attacks like ransomware are the new leading cause of data breaches in the healthcare industry and have risen 125 percent since 2010.

Hospitals are being targeted because many lack the proper strategies and protocols to address these threats from the outset. When it comes to ransomware incidents, there is often confusion, since information is not covertly breached with the intent to steal but rather held hostage until officials pay to release it. The fact that many hospitals fail to back up their patient data records or employ adequate network security makes them more vulnerable.

The US Department of Homeland Security (DHS) and the Canadian Cyber Incident Response Centre jointly released an alert on March 31st containing the following definition:

“Ransomware is a type of malware that infects computer systems, restricting users’ access to the infected systems. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert. Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 dollars and must be paid in virtual currency, such as Bitcoin.”

There have been at least a half-dozen high-profile ransomware attacks on healthcare facilities already in 2016. Perhaps the most brazen to date was directed at MedStar Health, one of the biggest employers in the Baltimore-Washington region, with 10 hospitals and 250 area clinics. In late March, IT staff detected malware on the system and took all networks offline, then brought in cybersecurity specialists and the FBI.

While this attack was in progress, the hospital system was adversely affected, turning away patients and delaying critical care and procedures. The ransom note demanded 45 bitcoins, or approximately $19,000, in exchange for a decryption key that would unlock the MedStar systems.

“In some ways, healthcare is an easy target: Its security systems tend to be less mature than those of other industries, such as banking and tech, and its doctors and nurses depend on data to perform time-sensitive, life-saving work. Where a financial-services firm might spend a third of its budget on information technology, hospitals spend only about 2 to 3 percent. If you’re a hacker, would you go to Fidelity or an underfunded hospital? You’re going to go where the money is and the safe is easiest to open,” concluded John Halamka, the chief information officer of Beth Israel Deaconess Medical Center in Boston, in a recent Washington Post interview.

The US Computer Emergency Readiness Team (US-CERT) within the DHS has established preventative guidelines for combating ransomware attacks (https://www.us-cert.gov/ncas/alerts/TA16-091A). It would be wise for all security professionals, not just IT staff, to understand the threat and know how to react in a crisis.