In February, Hollywood Presbyterian Medical Center became the victim of one of the most memorable cyber attacks to date. A group of unknown hackers carried out a ransomware intrusion that encrypted the facility's files, forcing staff to communicate by fax machine and to hand-write notes and records. Patient care was largely unaffected, but ambulance traffic was redirected to other nearby hospitals when possible.
Initial reports claimed that the hackers were demanding more than $3 million to unlock the files. Fortunately, that figure was greatly inflated. Nevertheless, the hospital did end up paying $17,000 to regain access to its files.
The cyber attack made international headlines mainly because it was unprecedented. Not only did hackers go after an institution that treats the sick and injured, they used extortion to do it, and they succeeded. At the time, the incident seemed like a one-off occurrence. Within weeks, it became painfully apparent that it was just the beginning of a new trend.
The exception becomes the rule
Ransomware quickly made it back into the news cycle in mid-March, when hackers used the Locky malware to encrypt files at Methodist Hospital in Kentucky, forcing the institution to operate under an "internal state of emergency." According to HealthcareITNews, the hospital was able to restore operations after five days without paying the ransom.
About a week later, two more hospitals in Southern California were hit. Hackers infiltrated computer systems at Chino Valley Medical Center and Desert Valley Hospital and installed encryption malware, according to the Los Angeles Times. By now, what had started as an exceptional event was clearly becoming a common occurrence.
A dangerous strain emerges
Lightning struck again in Maryland in late March, but in a different way. When MedStar Health reported that hackers had shut down systems in its Baltimore hospitals, it was not a shock given the string of extorted facilities that came before it. However, the encryption malware used this time around was not the garden variety.
In a recent blog post, Trend Micro discussed Samsam, a strain of crypto-ransomware that targets unpatched servers, specifically Java-based JBoss application servers, which attackers break into using JexBoss, an open-source JBoss exploitation tool. Unlike most ransomware of the period, it does not depend on a victim opening a malicious email attachment.
"The infected server is then used to spread the ransomware client to Windows machines by moving laterally through the network," Trend Micro wrote.
According to Ars Technica, this is the strain of malware responsible for locking down MedStar facilities in Maryland. Samsam and similar crypto-ransomware are expected to keep causing problems, especially for health care organizations, law enforcement and, increasingly, educational institutions. In fact, the FBI recently issued an emergency request for assistance in tackling the ever-worsening ransomware situation, according to Reuters.
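Because Samsam enters through exposed JBoss management interfaces rather than through email, the practical check for an administrator is whether those interfaces answer to anyone on the network. The following Python script is an added example (not code from the original article, from Trend Micro or from the JexBoss project) that probes the endpoints JexBoss is known to target and reports which ones respond without authentication. The endpoint list is JexBoss's; the status-code heuristic (200 or 500 without a challenge means reachable, 401/403 means gated, 404 means not deployed), the helper names `probe_jboss` and `exposed_endpoints`, and the host `jboss.example.internal` with its canned responses are assumptions constructed for this example so that it runs offline.

```python
"""Check whether a JBoss server exposes the unauthenticated management
endpoints that JexBoss-style attacks abuse.

Added example, not code from the original article, Trend Micro or JexBoss.
The status-code heuristic below is an assumption made for this example.
"""
import urllib.error
import urllib.request
from urllib.parse import urljoin

# Consoles and invoker servlets that JexBoss probes. On default JBoss AS
# 4.x-6.x installs they are reachable without authentication and the
# invoker servlets deserialize attacker-supplied Java objects.
JBOSS_ENDPOINTS = (
    "/jmx-console/",
    "/web-console/Invoker",
    "/invoker/JMXInvokerServlet",
    "/invoker/EJBInvokerServlet",
    "/admin-console/",
)


def http_status(url, timeout=5):
    """Return the HTTP status code for a GET of url, or None if unreachable."""
    req = urllib.request.Request(url, headers={"User-Agent": "jboss-exposure-check"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.getcode()
    except urllib.error.HTTPError as err:  # 4xx/5xx still tells us something
        return err.code
    except (urllib.error.URLError, OSError):
        return None


def classify(status):
    """Map a status code to a verdict (heuristic assumed for this example)."""
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "auth-gated"      # a challenge or denial: something is in front of it
    if status == 404:
        return "absent"          # endpoint not deployed
    if status in (200, 500):
        return "exposed"         # served, or the invoker choked on a plain GET
    return "unknown"


def probe_jboss(base_url, fetch=http_status):
    """Return {endpoint: verdict} for every JexBoss target on base_url."""
    return {path: classify(fetch(urljoin(base_url, path))) for path in JBOSS_ENDPOINTS}


def exposed_endpoints(base_url, fetch=http_status):
    """Sorted list of endpoints that answered without any authentication gate."""
    return sorted(p for p, verdict in probe_jboss(base_url, fetch).items() if verdict == "exposed")


# Constructed responses standing in for a real host so the example runs offline.
# (Assumed host name and codes; replace with http_status against a real server.)
SAMPLE_RESPONSES = {
    "http://jboss.example.internal:8080/jmx-console/": 200,
    "http://jboss.example.internal:8080/web-console/Invoker": 401,
    "http://jboss.example.internal:8080/invoker/JMXInvokerServlet": 500,
    "http://jboss.example.internal:8080/invoker/EJBInvokerServlet": 404,
    "http://jboss.example.internal:8080/admin-console/": 403,
}


def sample_fetch(url, timeout=5):
    """Offline stand-in for http_status that serves SAMPLE_RESPONSES."""
    return SAMPLE_RESPONSES.get(url)


if __name__ == "__main__":
    base = "http://jboss.example.internal:8080"
    for path, verdict in probe_jboss(base, sample_fetch).items():
        print(f"{verdict:12} {path}")
    print("exposed:", exposed_endpoints(base, sample_fetch))
```

Run it against a real server by passing the default `http_status` fetcher instead of `sample_fetch`. Any endpoint reported as "exposed" should be removed or placed behind authentication and network restrictions; an "auth-gated" verdict only means a gate exists, not that the credentials behind it are strong.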
What lies ahead?
Organizations, and hospitals in particular, are in a tough spot. Once ransomware strikes, a facility's options are limited. On the plus side, not all of the hospitals that have been infected met the hackers' demands. These institutions did not share how they avoided paying the ransom; however, it most likely cost them a considerable amount of time and money to find an alternative solution. There really is no way to walk away from a ransomware attack completely unscathed except to prevent it in the first place.
Not to mention, if the ransomware rampage continues unabated, cyber criminals may start demanding larger ransoms. It is technically not in a hacker's best interest to ask for an impossibly large sum, as this reduces the chance they will get paid at all. Nevertheless, security expert Brian Krebs expects ransomware attacks to become more targeted, and he worries that hackers may get better at estimating the true value of encrypted data, which would give them leverage to demand higher ransoms.
As the ransomware epidemic facing hospitals goes from bad to worse, health care institutions must find new ways to strengthen their cyber security. A layered approach that focuses on prevention is a good place to start: frequent software patching (including internet-facing servers, not just workstations), advanced email and endpoint security, strict application controls, a robust backup plan with offline copies that ransomware on the network cannot reach and restores that are actually tested, and a worst-case-scenario plan for keeping the facility running while its systems are down.