Ransomware is not a new thing. The first newsworthy attack occured almost 30 years ago, shockingly. So why is it making headlines now? The greatest strength of hackers is their ability to evolve. Every time we figure out how to prevent a data breach, they come up with a new twist on an old scam. In the last year and a half, they’ve taken ransomware to a new level by taking medical data hostage. We’ve shared several stories about these hospital attacks in the past year. But, what is it about the hospital environment that makes them the perfect target?
The writers at Wired have some thoughts on the matter:
Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.
“If you have patients, you are going to panic way quicker than if you are selling sheet metal,” says Stu Sjouwerman, CEO of the security firm KnowBe4. Hospitals are a good target for another reason as well: they “have not trained their employees on security awareness … and hospitals don’t focus on cybersecurity in general,” he says. Instead, their primary concern is HIPAA compliance, ensuring that employees meet the federal requirements for protecting patient privacy.
Last month, attackers took computers belonging to the Hollywood Presbyterian Medical Center in Los Angeles hostage using a piece of ransomware called Locky. Computers were offline for more than a week until officials caved to the extortionists’ and paid the equivalent of $17,000 in Bitcoin.
Earlier this month, Methodist Hospital in Henderson, Kentucky was struck by Locky as well, an attack that prevented healthcare providers from accessing patient files. The facility declared a “state of emergency” on a Friday but by Monday was reporting that its systems were “up and running.” Methodist officials, however, said they did not pay the ransomware; administrators in that case had simply restored the hospital’s data from backups.
Then this week, news broke that MedStar Health, which operates 10 hospitals and more than 250 out-patient clinics in the Maryland/Washington, DC area, was hit by a virus that may be ransomware. MedStar wrote in a Facebook post that its network “was affected by a virus that prevents certain users from logging-in to our system,” but a number of employees told the Washington Post that they saw a pop-up screen appear on their computers demanding payment in Bitcoin. The organization responded immediately by shutting down large portions of its network. Employees were unable to access email or a database of patient records, though clinics and other facilities remained open and operating.
How can you protect yourself?
These victims are generally infected via a phishing attack that contains a malicious link or download. Your best protection against an attack is thorough and regular data backup combined with employee education. In the event of an attack, disconnect infected systems from the network, disable Wi-Fi and Bluetooth, and remove any external hard drives ASAP. Then, call a backup and recovery expert, like Great Lakes Computer. We are experts in all things IT. We can provide a host of services that can help protect you against data loss like:
Contact us today to get your data the protection you need.