Whilst healthcare providers and healthcare industry vendors cannot afford to disregard HIPAA, a new threat has emerged and is poised to become much larger: ransomware attacks on hospitals and healthcare providers that are not trying to breach patient information but instead provide it inaccessible until the organization pays a hefty ransom.
In just recent weeks, the following major ransomware assaults on healthcare facilities have occurred:
In February 2016, hackers utilized a piece of ransomware called Locky to attack Hollywood Presbyterian Medical Center in Los Angeles, rendering the organization’s computers inoperable. After a week, the hospital gave in to the hackers’ demands and compensated a $17, 000. 00 Bitcoin ransom for the key to unlock their computers.
In early March 2016, Methodist Hospital in Henderson, Kentucky, was also attacked using Locky ransomware. Instead of paying the ransom, the organization restored the data from backups. Nevertheless , the hospital was forced to declare the “state of emergency” that lasted for approximately three days.
In late March, MedStar Health, which operates 10 hospitals and over 250 outpatient clinics in the Maryland/DC area, fell victim to a ransomware attack. The organization immediately shut down its network to avoid the attack from spreading and began to gradually restore data through backups. Although MedStar’s hospitals and clinics remained open, employees were unable to access email or electronic health records, and patients were unable to generate appointments online; everything had to get back to paper.
Likely, this is only the beginning. A recent study by the Health Information Rely on Alliance found that 52% associated with U. S. hospitals’ systems were infected by malicious software.
What exactly is ransomware?
Ransomware is malware that will renders a system inoperable (in importance, holding it hostage) until the ransom fee (usually demanded within Bitcoin) is paid to the hacker, who then provides a key to unlock the system. As opposed to many other forms of cyber attacks, which usually seek to gain access to the data on a system (such as credit card information and Social Safety numbers), ransomware simply locks the data down.
Hackers usually employ social engineering techniques – such as phishing emails and free software downloading – to get ransomware onto a process. Only one workstation needs to be infected regarding ransomware to work; once the ransomware has infected a single workstation, it traverses the targeted organization’s network, encrypting files on both mapped and unmapped network drives. Given enough time, it might even reach an organization’s back-up files – making it impossible to bring back the system using backups, as Methodist Hospital and MedStar did.
Once the files are encrypted, the ransomware displays a pop-up or a web page explaining that the files have been secured and giving instructions on how to pay to unlock them (some MedStar employees reported having seen such a pop-up before the system was shut down).
If you enjoyed this information and you would like to get even more info regarding daily cyber security news kindly check out the webpage.
The ransom is nearly always demanded in the form of Bitcoin (abbreviated as BTC), an untraceable “cryptocurrency. ” Once the ransom is paid, the hacker promises, a decryption key is going to be provided to unlock the documents.
Unfortunately, because ransomware perpetrators are usually criminals – and thus, untrustworthy to begin with – paying the ransom is not guaranteed to work. An organization may pay out hundreds, even thousands of dollars and obtain no response, or receive a crucial that does not work, or that does not fully work. For these reasons, as well as to deter long term attacks, the FBI recommends that ransomware victims not cave within and pay. However , some agencies may panic and be unable to workout such restraint.
Because of this, ransomware assaults can be much more lucrative for hackers than actually stealing data. Every set of data is stolen, the particular hacker must procure a purchaser and negotiate a price, but in a ransomware attack, the hacker currently has a “buyer”: the owner of the information, that is not in a position to negotiate on cost.
Why is the healthcare industry getting targeted in ransomware attacks?
There are several reasons why the healthcare industry has turned into a prime target for ransomware assaults. First is the sensitivity and significance of healthcare data. A company that offers, say, candy or pet items will take a financial hit if it can not access its customer data for a few days or a week; orders might be left unfilled or delivered late. However , no customers will be harmed or die if a box associated with chocolates or a dog bed isn’t delivered on time. The same cannot be mentioned for healthcare; physicians, nurses, and other medical professionals need immediate and continuous access to patient data to prevent accidents, even deaths.