Once a rare form of malware found primarily in Eastern Europe, ransomware is becoming more common, more stealthy, and more costly. In 2015, there were about 1,000 attacks per day, according to Symantec. In 2016, there have been days with 4,000 attacks. Most attacks are against individuals and feature demands for about $300. But attacks against corporations, including healthcare organizations, are increasing. In a recent HIMSS survey, about 75% of hospitals said they had either been attacked by ransomware or were not sure if they had been.
The story of Hollywood Presbyterian Medical Center shows what’s at stake when healthcare organizations become victims of ransomware. In February 2016, the hospital was hit by a ransomware attack that shut down critical systems for patient care. “The disruption was so severe that the hospital's central medical records system was largely unusable for 10 days, and some patients were transferred to other facilities for treatment,” according to the LA Times.
The attackers demanded $3.4 million to release the systems. The hospital countered with a smaller offer—40 Bitcoins or about $17,000—which the attackers eventually accepted. That agreement demonstrated to the world that ransomware against healthcare organizations pays.
As Kim Zetter, writing for Wired, points out:
Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.
Hospitals also make an attractive target for ransomware because they are filled with specialized medical equipment, much of which is running old, unpatched software with no protection against malware. Once connected to the network, this equipment can become infected. Attackers can shut down the equipment in order to demand a ransom or use the equipment as a base for launching attacks against other IT resources in the hospital.
Ransomware was profitable long before attackers began targeting hospitals. For example, the FBI has estimated that in just six months in 2014, the authors of CryptoLocker ransomware earned $27 million from extorting victims. Now that attackers are targeting hospitals and other enterprises, the revenue from ransomware is only going to increase.
How can hospitals and other healthcare organizations protect themselves?
Four Steps for Preventing Ransomware Attacks
It’s important to remember that ransomware is simply a form of malware—malicious software that spreads the same way that traditional malware spreads, namely through phishing and other network-borne attacks. To defend against ransomware, enterprises can begin by ensuring that basic anti-malware controls are in place.
To minimize the risk of a ransomware attack, healthcare organizations, pharmaceutical companies and other enterprises should follow these steps:
Hospitals and other HCOs can keep their patient data and other enterprise content safe by deploying a secure content management platform such as kiteworks by Accellion. kiteworks is a critical solution for top HCOs like Kaiser Permanente, Seattle Children's Hospital, Indiana University Health, Trinity Health, and many others, as it provides comprehensive security and visibility over the files that healthcare employees use every day. kiteworks provides these specific features to counter malware:
In addition to these anti-malware features, kiteworks has an exhaustive list of data security and data privacy features that help hospitals and other healthcare organizations comply with HIPAA.
To learn more about kiteworks, please contact us.