By now, ransomware isn't anything new – these attacks have been capturing headlines for several years, particularly when high-profile targets including enterprises or law enforcement agencies are victims. However, a ransomware infection poses a unique set of challenges when it takes place within the health care sector.
Sensitive data increases the risk
According to Trend Micro research, attacks in the health care industry have been on the rise recently. While breaches have been reported in this industry since 2005, the sensitive nature of the records stored attracted an increasing amount of malicious activity. By 2009, hackers had collected more than 4 million stolen health care records, and that number only grew from there.
While businesses in the financial and retail sectors continue to be targets, these organizations simply don't store as much sensitive information.
"Health care service providers have huge databases that serve as a repository of customer information that's more extensive than any other industry or organization – the type that, when stolen, cannot be easily replaced," Trend Micro noted in a Security News report.
Ransomware: A severe threat
Since the beginning of 2016, the health care industry has seen several high-profile ransomware attacks, demonstrating the severe threat these instances pose:
- Hollywood Presbyterian Medical Center: CSO Online reported in mid-February that the hospital's network had been down for over a week as a result of a ransomware attack. Hackers demanded 9,000 in Bitcoin, or more than $3.6 million. Hospital officials are currently working with the LAPD as well as the FBI to identify the type of malware, as well as the attackers. Hospital executives were forced to declare an internal emergency, not only because of a loss of data and challenges accessing information, but also due to the fact that emergency room systems were affected by the infection. A range of platforms were taken offline because of the ransomware including those for CT scans, lab work, pharmacy processes and documentation. Certain patients were transported to other medical institutions, and staff had to revert to telephones and fax machines to complete essential procedures.
- British Association for Counselling & Psychotherapy: Also in mid-February, The Register reported that the website belonging to the BACP had been impacted by a ransomware infection. The site's main page had been replaced by a ransomware notification, noting that a ransom of $150 must be paid in Bitcoin for the return of the organization's encrypted data. Researchers discovered that Windows malware CTB-Locker is the infection being used. Overall, the organization's documents, photos, databases, scripts and other files remained encrypted by attackers.
Unique challenges of health care ransomware attacks
Although a ransomware infection creates challenges in any industry, it is particularly damaging for health care providers, as these cases show.
In the case of the Hollywood Medical Center, critical processes were interrupted, and staff had to forgo their use of essential computer systems due to the infection. Overall, not only were important platforms inaccessible, patient information was blocked as well. Even with backup and contingency plans in place, an emergency-related switch from computer-based processes to those involving legacy phone and fax machines can slow staff's ability to provide care. As noted in this case, patients had to be transferred to other facilities, as hospital employees were understandably unable to provide the normal level of care due to several critical systems, including those in the emergency room, being down.
BACP's infection demonstrates the challenges that a ransomware attack can pose when the organization's own website is infected. While staff was surely impacted, this instance heavily affects clients as well. As more health care providers leverage client-facing portals on their websites, an infection can make these resources inaccessible, and can prevent patients from gleaning the information they need.
Compounding the problem: Behind in security
Exacerbating the situation is the fact that the health care industry hasn't historically been as up to date as it could be with its cyber security efforts. In fact, Forrester analyst Stephanie Balaouras told Trend Micro that the sector is "woefully behind" when it comes to preparedness.
Trend Micro noted that some reasons for this security posture include perceived cost issues and tight security budgets, as well as a keen focus on daily processes as opposed to forward-looking protection efforts.
Improving protection efforts
Thankfully, there are some things health care organizations can do to enhance their overall security and reduce the chances of successful ransomware and malware infections.
First, it's important to train staff members so that everyone in the organization understands the potential threats, as well as their responsibilities for protection. Many ransomware infections come as the result of a user opening a malicious attachment or link, typically sent via a phishing email. Employees should be trained to spot suspicious-looking messages, and know not to open emails, links or attachments from unknown senders.
In addition, executives should carefully examine their entire network in an effort to pinpoint any weak points that can be exploited for unauthorized access. A network review of this kind can help decision-makers recognize areas or processes that can be better secured and improved upon. The organization should also have a network-based protection solution in place that can safeguard based on heuristics and offers an added layer of protection.
Administrators and IT staff should also work together to ensure that all operating systems and critical applications have the proper security patches in place and are completely up to date. If support has ended for a certain system, the institution should migrate to a later version that is supported to prevent any vulnerabilities.
If staff members utilize mobile devices – a practice that is becoming increasingly common – mature endpoint security solutions should be in place. These protection systems should have antimalware, antispam and antiphishing capabilities.
It can also be helpful to leverage other security solutions that not only address protection needs, but align with the organization's compliance requirements as well. In this way, the risks associated with the current threat environment can be lessened, and industry standards are maintained.