We’ve touched on the looming presence of ransomware in the healthcare industry in the past—but this year it hit especially close to home. In April 2017, Erie County Medical Center, located just a few miles from our Buffalo, NY office, was hit by a ransomware attack that took down the hospital's systems for 6 weeks.
For security professionals in this industry, the challenge lies in protecting patient files as attackers set their sights on valuable electronic health records—do we stand a chance?
Back to Ransomware Basics—How Attackers Launch These Threats
Before understanding the specific threats faced by the healthcare industry, security professionals must understand what they’re up against with ransomware attacks.
There are hundreds of different types of ransomware families, but all ransomware attacks have a similar framework:
- Social Engineering: Like many cyber attacks, ransomware attacks begin with an attacker compromising an individual through phishing/spear-phishing attacks. Once attackers have access to a machine on your network, they can launch the ransomware.
- Ransomware Execution: The malware is delivered via malicious links or attachments, executing quickly and encrypting target files. Encryption is done symmetrically, but the decryption key is then encrypted asymmetrically. This double encryption is what makes it impossible to get files back without the original decryption key.
- The Ransom: Attackers present victims with a note claiming files will be deleted or sold unless a ransom is paid to obtain the decryption key. This is the final step that is so heavily discussed in the news surrounding hospital attacks.
Attackers can follow this simple structure to launch ransomware threats against any industry. The question remains—why is the healthcare industry such a vulnerable target?
Patient Records vs. Credit Card Data—Why Healthcare Is the Perfect Ransomware Target
Recent research found that the healthcare industry is 114 times more likely to fall victim to ransomware attacks than the financial services industry. Financial institutions have traditionally been prime targets for data breaches, so why is ransomware so relentlessly focused on healthcare?
>> Download Now: IT Security Whitepaper
The main reason why healthcare is under such heavy fire from ransomware threats is the value of electronic patient records. If attackers can take a hospital’s records hostage, they are likely to be paid quickly due to the life-and-death nature of the situation. But more than that, attackers can maintain possession of patient records and reap valuable information such as:
- Social Security numbers
- Patient addresses
- Personal histories
- Birth dates
- Names of relatives
- And more
Credit card data can quickly change to combat stolen accounts, but health records give attackers the kind of value that has led to such dramatic volumes of ransomware threats on the industry.
What Can We Do About Ransomware in the Healthcare Industry?
The recent ransomware research claims that Cryptowall (the leading crypto-ransomware family) accounted for 94% of detected attacks in 2Q16. You might think this statistic indicates Cryptowall attacks should receive your full security attention—but this would be misguided.
Hackers are capable of modifying attack vectors at a rapid pace that cyber security solutions often can’t keep up with. If you focus on Cryptowall attacks, you’re likely to fall victim to a brand new ransomware family by the time you even find a way to stop Cryptowall.
Ransomware acts so quickly that patient records might seem almost impossible to defend. However, security experts say that regularly backing up data can at least keep you from having to pay ransoms to unlock files. Backing up your electronic health records is a good best practice regardless of ransomware threats, but it’s only a patchwork answer.
As ransomware continues to come to the forefront of the cyber security industry, vendors will release more powerful solutions for protection. However, this just gives you one more in-line security appliance to deploy. You need a plan in place to efficiently add ransomware solutions when the time comes.
Looking to add inline or out-of-band security monitoring solutions, but not sure where to start? Join us for a brief network Design-IT consultation or demo. No obligation - it’s what we love to do.
