
Hijacking Healthcare: Ransomware Attacks vs. Health Record Security

September 12, 2017

We’ve touched on the looming presence of ransomware in the healthcare industry in the past—but this year it hit especially close to home. In April 2017, Erie County Medical Center, located just a few miles from our Buffalo, NY office, was hit by a ransomware attack that took down the hospital's systems for 6 weeks.

For security professionals in this industry, the challenge lies in protecting patient files as attackers set their sights on valuable electronic health records—do we stand a chance?

Back to Ransomware Basics—How Attackers Launch These Threats

Before understanding the specific threats faced by the healthcare industry, security professionals must understand what they’re up against with ransomware attacks. 

There are hundreds of ransomware families, but all ransomware attacks follow a similar framework:

  • Social Engineering: Like many cyber attacks, ransomware attacks begin with an attacker compromising an individual through phishing/spear-phishing attacks. Once attackers have access to a machine on your network, they can launch the ransomware.
  • Ransomware Execution: The malware is delivered via malicious links or attachments, executing quickly and encrypting target files. The files are encrypted with a symmetric key, and that decryption key is then itself encrypted asymmetrically. This double encryption is what makes it impossible to get files back without the original decryption key.
  • The Ransom: Attackers present victims with a note claiming files will be deleted or sold unless a ransom is paid to obtain the decryption key. This is the final step that is so heavily discussed in the news surrounding hospital attacks.

Attackers can follow this simple structure to launch ransomware threats against any industry. The question remains—why is the healthcare industry such a vulnerable target?

Patient Records vs. Credit Card Data—Why Healthcare Is the Perfect Ransomware Target

Recent research found that the healthcare industry is 114 times more likely to fall victim to ransomware attacks than the financial services industry. Financial institutions have traditionally been prime targets for data breaches, so why is ransomware so relentlessly focused on healthcare?

 


The main reason why healthcare is under such heavy fire from ransomware threats is the value of electronic patient records. If attackers can take a hospital’s records hostage, they are likely to be paid quickly due to the life-and-death nature of the situation. But more than that, attackers can maintain possession of patient records and reap valuable information such as:

  • Social Security numbers
  • Patient addresses
  • Personal histories
  • Birth dates
  • Names of relatives
  • And more

Credit card data can be changed quickly to combat stolen accounts, but health records give attackers the kind of value that has led to such dramatic volumes of ransomware threats against the industry.

What Can We Do About Ransomware in the Healthcare Industry?

The recent ransomware research claims that Cryptowall (the leading crypto-ransomware family) accounted for 94% of detected attacks in 2Q16. You might think this statistic indicates Cryptowall attacks should receive your full security attention—but this would be misguided.

Hackers are capable of modifying attack vectors at a rapid pace that cyber security solutions often can’t keep up with. If you focus on Cryptowall attacks, you’re likely to fall victim to a brand new ransomware family by the time you even find a way to stop Cryptowall.

Ransomware acts so quickly that patient records might seem almost impossible to defend. However, security experts say that regularly backing up data can at least keep you from having to pay ransoms to unlock files. Backing up your electronic health records is a best practice regardless of ransomware threats, but it’s only a patchwork answer.

As ransomware continues to come to the forefront of the cyber security industry, vendors will release more powerful solutions for protection. However, this just gives you one more in-line security appliance to deploy. You need a plan in place to efficiently add ransomware solutions when the time comes. 


Heartbeat Packets Inside the Bypass TAP

If the inline security tool goes off-line, the TAP will bypass the tool and automatically keep the link flowing. The Bypass TAP does this by sending heartbeat packets to the inline security tool. As long as the inline security tool is on-line, the heartbeat packets will be returned to the TAP, and the link traffic will continue to flow through the inline security tool.

If the heartbeat packets are not returned to the TAP (indicating that the inline security tool has gone off-line), the TAP will automatically 'bypass' the inline security tool and keep the link traffic flowing. The TAP also removes the heartbeat packets before sending the network traffic back onto the critical link.

While the TAP is in bypass mode, it continues to send heartbeat packets out to the inline security tool. Once the tool is back on-line, it begins returning the heartbeat packets to the TAP, indicating that it is ready to go back to work. The TAP will then direct the network traffic back through the inline security tool along with the heartbeat packets, placing the tool back inline.

Some of you may have noticed a flaw in the logic behind this solution! You say, “What if the TAP should fail because it is also in-line? Then the link will also fail!” The TAP would now be considered a point of failure. That is a good catch, but in our blog on Bypass vs. Failsafe, I explained that if a TAP were to fail or lose power, it must provide failsafe protection to the link it is attached to. So our network TAP will go into Failsafe mode, keeping the link flowing.
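
The heartbeat, bypass and failsafe behaviour described above can be modelled as a small state machine. This is an added example, not Garland Technology's code: the miss_limit threshold, the "HB" marker and the two tool functions are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import Enum

HEARTBEAT = "HB"  # constructed marker standing in for a heartbeat packet

class Mode(Enum):
    INLINE = "inline"      # link traffic passes through the security tool
    BYPASS = "bypass"      # tool skipped, link keeps flowing
    FAILSAFE = "failsafe"  # TAP unpowered, link passed straight through

@dataclass
class BypassTap:
    miss_limit: int = 3    # assumed threshold; the article gives no number
    mode: Mode = Mode.INLINE
    missed: int = 0
    powered: bool = True

    def tick(self, packets, tool):
        """Handle one heartbeat interval; return packets put back on the link."""
        if not self.powered:
            self.mode = Mode.FAILSAFE
            return list(packets)
        if self.mode is Mode.FAILSAFE:
            self.mode = Mode.BYPASS  # assumed: bypass until a heartbeat returns
        inline = self.mode is Mode.INLINE
        # A heartbeat goes out every interval, in bypass mode as well.
        returned = tool((list(packets) if inline else []) + [HEARTBEAT])
        if returned is not None and HEARTBEAT in returned:
            self.missed = 0
            self.mode = Mode.INLINE  # tool is healthy: put it (back) inline
            # Strip the heartbeat before traffic returns to the link.
            return [p for p in returned if p != HEARTBEAT] if inline else list(packets)
        self.missed += 1
        if self.missed >= self.miss_limit:
            self.mode = Mode.BYPASS
        # Traffic handed to a dead tool is lost until bypass engages.
        return [] if inline else list(packets)

def inspecting_tool(packets):  # hypothetical healthy tool: drops 'malicious'
    return [p for p in packets if p != "malicious"]

def offline_tool(packets):  # hypothetical failed tool: nothing comes back
    return None

def run_demo():  # constructed traffic: tool healthy, down for 3 intervals, back
    tap = BypassTap(miss_limit=2)
    tools = [inspecting_tool] + [offline_tool] * 3 + [inspecting_tool] * 2
    traffic = [["a", "malicious"], ["b"], ["c"], ["d"], ["e", "malicious"], ["f"]]
    return [(tap.tick(p, t), tap.mode.value) for p, t in zip(traffic, tools)]
```

In the constructed run, packets sent while the tool is down are lost until the miss limit is reached, and everything forwarded in bypass or failsafe mode reaches the link uninspected. Both mode changes are therefore worth alerting on.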

Glossary

  1. Single point of failure: a risk to an IT network if one part of the system brings down a larger part of the entire system.

  2. Heartbeat packet: a soft detection technology that monitors the health of inline appliances.

  3. Critical link: the connection between two or more network devices or appliances whose failure disrupts the network.
