Hospitals Are Huge Targets For Ransomware
Hospitals are quickly becoming the hot target for ransomware attacks. There has been a rash of attacks on hospitals in the United States recently, with ransomware locking up patient files and preventing the hospitals from scheduling appointments, surgeries, and more. The hackers have been asking for modest sums of money — probably in hopes that the hospitals will simply pay up rather than give up. One hospital paid the attackers and one restored from a backup.
Ransomware works by locking up and encrypting the files on a computer or network. The encryption is virtually unbreakable unless you have the key – which will be supplied in exchange for a cash “ransom” usually payable in Bitcoin to a cloaked account. It is a very insidious and expensive kind of malware to get.
Hospitals are becoming popular targets for these hackers because there’s a lot at stake and a lot more to lose with a hospital, and if they can’t get to their files they are more apt to panic and just pay the ransom, more so than if the ransomware hits a company that sells flowers, for instance. In March of 2016 hackers took the computer systems of Hollywood Presbyterian Medical Center hostage with the “Locky” strain of ransomware. The hospital ended up caving in to the hackers’ $17,000 demand because it didn’t have a backup or adequate replacement system.
Methodist Hospital in Henderson, Kentucky fared a bit better. An attack by the Locky ransomware took them offline, but they were back up inside of a weekend because they simply restored from a backup.
These cases are definitely warnings for other hospital systems that they need to beef up security, have contingency plans in place, and train staff on the importance of computer security — i.e., how to spot phishing attacks and how to prevent malware from getting on the systems in the first place. Ransomware is often spread through phishing — getting a user to click a link or download an attachment in an “official looking” email. But it can also spread through infected advertisements on websites.
Another point made by WIRED magazine is that hospitals are primarily concerned with ensuring that their staff follow HIPAA and other privacy protocols. They were less likely to be aware of acute security concerns. However, the times they are a changin’, and it is highly recommended that hospital staff become trained in preventing security attacks.
Ransomware is also a huge business – the FBI estimates that the hackers behind the famous Cryptolocker strain of ransomware made off with about $27 million in six months. Ransomware architects are also upping the ante by creating ransomware that locks not only local files but also files on servers, and that hunts down backups and encrypts them too. It’s getting crazy out there.
For those affected (and those looking to educate themselves) there is a “hostage manual” written by Adam Alessandrini for the security group KnowBe4. It would behoove any business large or small to read this manual and ensure that they are taking proper steps to prevent ransomware attacks and that they know what to do if one happens.
The first response should not be to pay the ransom – that should be reserved for the most dire cases. In some cases hospitals had reverted to pen and paper scheduling, which was a great option until they could get their servers back online using their backups.
The point is, every business needs to be aware of all the potential security holes in their system. Employees NEED to be aware of common phishing strategies. Backup plans should be in place. If a company cannot do this in-house then a security firm should be contacted to set up a consultation. Protect yourself now before it’s too late.
“The first response should not be to pay the ransom”
This might be surprising but the FBI actually recommends that you just pay the ransom (in the case of healthcare providers of course). I suppose this might only apply in cases where there’s no backup data to restore though; on the other hand, if paying the ransom prevents the data from being released onto the dark web (not sure if that’s the case) then I’d obviously say pay the ransom every time.