Ransomware has exploded back onto the cybercrime scene with a vengeance, and healthcare organizations have been far from immune.
This reality hit home earlier this year when Hollywood Presbyterian Medical Center admitted paying a ransom to get its data back. But other incidents, such as the attacks on Titus Regional Medical Center in Texas and Lukas Hospital in Germany, have underscored just how dire the situation is becoming.
It should come as no surprise to healthcare organizations that they are being targeted. Every hospital, doctor’s office, or medical facility is home to troves of personally identifiable information. On the cyber-underground, it is not uncommon for hospital “fullz” – personal identity and medical information – to be sold to interested buyers on the dark web. That data needs to be protected, and not just from theft. The flow of patient data to the right people in a timely manner is vital to the healthcare business, making those organizations ideal targets for ransomware attacks.
Right now, there are numerous types of ransomware available for cybercriminals to purchase, and attackers are getting more sophisticated in using them. During February and March of 2016, SecureWorks analysts responded to several ransomware incidents that appear to have been initiated by the same threat group or threat actor. The analysts determined the infections were the result of a threat actor accessing the targeted infrastructure through an under-managed, Java-based enterprise application platform and then deploying ransomware to a number of systems.
This trend of more extensive, enterprise-wide ransomware infections was observed throughout the first quarter of 2016 and had a significant impact on both the healthcare industry and a number of other verticals. Instead of only one system being infected, in this style of attack multiple systems within the compromised infrastructure were hit. Given the number of potential endpoints accessing information in a healthcare environment, the challenge facing the industry is far from minor.
Addressing ransomware requires not only having strong antivirus and network security controls in place, but also a strong understanding of the business criticality of all the systems in the environment. Knowing which systems will have a significant impact on operations if they go down is the type of knowledge that can inform where the strongest security emphasis should be placed.
Properly managing the backup and recovery process is also important. The Health Insurance Portability and Accountability Act (HIPAA) mandates that healthcare organizations back up information, and dedicated backup software that makes full copies of hard disk drives and saves them externally can be just the cure the doctor ordered in the event of a ransomware attack.
Given the potential business disruption, the growth of these attacks should also serve as a reminder to organizations of the importance of security awareness training. Malicious email attachments are still a vector for attacks, as are malicious webpages laced with exploit kits such as Angler. By staying alert, employees can serve as another line of defense to keep ransomware from endangering the data, reputations, and – most importantly – patients of healthcare organizations.