
Ransomware still threatens the healthcare industry

Ransomware, widely considered the fastest-growing malware hazard of the 21st century, continues to threaten the healthcare industry’s uptime, profits, and brand reputation. 

Famous ransomware victims like Universal Health Services (UHS) and the Hollywood Presbyterian Medical Center only partially reflect the magnitude of the threat, which is global in scope and continues to expand at a frightening pace. Healthcare executives need to deploy a battery of technologies, procedures, and policies to prevent ransomware attacks from bringing down critical systems across their institutions, from patient records to care management to point-of-care instrumentation. 

Don’t be a victim of ransomware. Contact us today!

How ransomware affects healthcare providers and other industries 

Ransomware is malicious software that infects computer servers, desktops, laptops, tablets, and smartphones, infiltrating through various mechanisms and often spreading laterally across an institution from one device to another. Once it infects a system, the malware quietly encrypts every data file it finds, then displays a ransom note to the user. The extortion message starts by demanding an online payment of anywhere from hundreds to thousands of dollars (generally in some untraceable cryptocurrency like Bitcoin). Once the ransom is paid, the extortionist promises to provide the decryption keys needed to restore the user’s locked files. The demand often includes a series of deadlines for payment: each missed deadline leads to a higher ransom demand and perhaps some destroyed files. If the victim doesn’t pay up, the attacker discards the decryption keys, making the data permanently inaccessible.

In the US, ransomware gangs explicitly target healthcare more than any other industry sector, understanding that holding critical applications and patient data hostage can put lives at risk, so healthcare institutions are likelier to pay the ransom quickly. Criminals also like to target the healthcare sector for its reliance on ancient legacy IT systems and increasingly new Internet-connected specialty devices like thermostats, lights, video cameras, temperature sensors, and patient monitors. Both classes of systems tend to have limited upgradeability and poor security features that provide easily exploitable backdoors for ransomware attacks. 

Hardly a week goes by without news of another successful ransomware attack on the healthcare industry. Here are just a few: 

    • Universal Health Services (UHS), with over 400 hospitals, experienced a ransomware attack that caused $67 million in pre-tax losses. The breach put lives at risk and caused a loss of revenue because patients were diverted to other non-UHS hospitals.
    • The Hollywood (California, USA) Presbyterian Medical Center was forced into manual pen-and-paper operations for four days in response to a ransomware attack. It paid a $17,000 ransom to remedy the situation.
    • Hancock Health (Indiana, USA) lost access to its email, electronic health records, and internal operating systems and operated on pen-and-paper for days before paying a $55,000 ransom. 
    • Erie County Medical Center (New York, USA) lost access to 6000 computers, requiring six weeks of manual operations and a recovery process that ultimately cost $10M.
       

How ransomware got to be a malware epidemic 

The rapid growth of this particular category of malware is primarily attributable to its evolution from a one-time cottage industry to a modern, criminal version of the software-as-a-service (SaaS) business. Ransomware gangs copied the model of tech vendors like Salesforce.com, continually and rapidly developing and improving their product and relying on a network of distributors to get it onto as many machines as possible. In the case of ransomware, the distributors are lower-level, unskilled criminals who use various techniques to attack victims, including phishing emails with infected web links or attachments and fake websites that invisibly download malware onto the devices of users who visit them. Exploiting operating system vulnerabilities that are not widely known (so-called zero-day exploits), and thus likely to be unpatched, is another popular technique, used in the WannaCry and NotPetya ransomware outbreaks.

Under this so-called ransomware-as-a-service model, criminal software engineers are constantly turning out ransomware variants to take advantage of various vulnerabilities in operating systems, applications, and user behaviors. This way, the criminals stay one step ahead of business IT and security staffers and the tech vendors they rely on for defensive measures. In parallel, these ransomware gangs have also developed sophisticated distribution, monitoring, notification, and payment infrastructures available to their “distributors” for free. All would-be criminals need to do to get into the ransomware distribution racket is download some very simple-to-use software tools and start spreading the malware around. The developers and the distributors then split the proceeds from victims who pay the ransom.

How healthcare providers can fight back against ransomware 

In the face of this rapidly growing threat, healthcare providers can take some concrete steps to protect their systems from the operational disruptions and high costs of successful ransomware attacks. Step one is to educate employees on the techniques that ransomware distributors use, teaching them to be wary of emails with links, the websites they visit, and the attachments they open.

Good network and security hygiene measures remain essential, like segmenting networks to make it harder for ransomware to spread from system to system, keeping endpoint anti-malware software up-to-date, and patching known vulnerabilities in operating systems and applications as quickly as possible. 

Finally, given the high success rate of ransomware attacks, it is imperative to institute a rigorous backup regimen and keep multiple copies of critical business and patient data locally, offsite, and in the cloud. Routine, frequent backup remains the most foolproof defense against ransomware. If your systems are compromised, you can identify the onset of the attack and restore your systems from clean backups created before the incursion.
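The restore-point decision described above can be sketched in code. This is an added example, not Acronis SCS code: it flags the onset as the first burst of high-entropy file rewrites (encrypted output is close to 8 bits per byte) and picks the newest backup completed safely before it. The thresholds, the safety margin, the log format, and all sample records are constructed assumptions.

```python
from datetime import datetime, timedelta

HIGH_ENTROPY = 7.5             # bits/byte treated as "looks encrypted" (assumed threshold)
BURST = 3                      # high-entropy writes inside WINDOW that mark an onset (assumed)
WINDOW = timedelta(minutes=5)
MARGIN = timedelta(hours=1)    # required gap between backup completion and onset (assumed)

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed file-write log: (time, path, entropy of the data written)
EVENTS = [
    (ts("2024-03-04 09:12"), "/records/a.docx", 7.90),  # compressed format, isolated write
    (ts("2024-03-05 14:30"), "/records/b.csv", 4.10),
    (ts("2024-03-06 02:01"), "/records/c.pdf", 7.98),
    (ts("2024-03-06 02:02"), "/records/d.dcm", 7.99),
    (ts("2024-03-06 02:03"), "/records/e.hl7", 7.97),
    (ts("2024-03-06 02:04"), "/imaging/f.dcm", 7.99),
]

# Constructed backup catalog: (backup id, completion time)
BACKUPS = [
    ("full-0301", ts("2024-03-01 01:00")),
    ("incr-0305", ts("2024-03-05 01:00")),
    ("incr-0306", ts("2024-03-06 01:30")),  # before the onset but inside MARGIN
    ("incr-0307", ts("2024-03-07 01:00")),  # taken after encryption started
]

def find_onset(events):
    """Time of the first high-entropy write that starts a burst, or None."""
    hot = sorted(t for t, _, entropy in events if entropy >= HIGH_ENTROPY)
    for i, start in enumerate(hot):
        if sum(1 for t in hot[i:] if t - start <= WINDOW) >= BURST:
            return start
    return None

def last_clean_backup(backups, onset):
    """Id of the newest backup finished at least MARGIN before onset, or None."""
    clean = [b for b in backups if b[1] <= onset - MARGIN]
    return max(clean, key=lambda b: b[1])[0] if clean else None

if __name__ == "__main__":
    onset = find_onset(EVENTS)
    print("onset:", onset, "restore from:", last_clean_backup(BACKUPS, onset))
```

A single high-entropy write does not trigger the detector, because compressed formats such as .docx are high-entropy in normal use; only a burst does.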

Law enforcement and security experts agree that paying the ransom is a very poor defense. Over half of ransomware victims who pay do not successfully recover their files, either because the extortionists fail to deliver the promised keys or because they have implemented the encryption/decryption algorithms so poorly that the keys won’t work.

HIPAA compliant cybersecurity solution 

Acronis SCS Cyber Protect Cloud makes it easier for healthcare facilities to stay ahead of shifts in the cybersecurity landscape. It offers a full suite of certified-compliant data backup, security, and disaster recovery solutions designed specifically for your needs. 

HIPAA compliance is not a current requirement of the U.S. Department of Health and Human Services (HHS). However, at Acronis SCS, we do everything possible to ensure the data within your healthcare organization and that of your patients are fully protected. Our solution is HIPAA compliant to guarantee the highest levels of data confidentiality and integrity standards. This helps keep your patient data secure from cyber threats while remaining accessible to those who need it.

To avoid becoming victims of the next ransomware attack, healthcare providers must, at a minimum, deploy the basic measures outlined above. Plus, consider deploying leading-edge certified-compliant technologies for ransomware defense like Acronis SCS Cyber Protect Cloud. 
