You are here


Protecting Healthcare Organizations from Ransomware

Posted by Marianna Prodan
ransomware is becoming more common, more stealthy, and more costly

Once a rare form of malware found primarily in Eastern Europe, ransomware is becoming more common, more stealthy, and more costly. In 2015, there were about 1,000 attacks per day, according to Symantec. In 2016, there have been days with 4,000 attacks. Most attacks are against individuals and feature demands for about $300. But attacks against corporations, including healthcare organizations, are increasing. In a recent HIMSS survey, about 75% of hospitals said they had either been attacked by ransomware or were not sure if they had been. 

The story of Hollywood Presbyterian Medical Center shows what’s at stake when healthcare organizations become victims of ransomware. In February 2016, the hospital was hit by a ransomware attack that shut down critical systems for patient care. “The disruption was so severe that the hospital's central medical records system was largely unusable for 10 days, and some patients were transferred to other facilities for treatment,” according to the LA Times

The attackers demanded $3.4 million to release the systems. The hospital countered with a smaller offer—40 Bitcoins or about $17,000—which the attackers eventually accepted. That agreement demonstrated to the world that ransomware against healthcare organizations pays.

As Kim Zetter, writing for Wired, points out:

Hospitals are the perfect mark for this kind of extortion because they provide critical care and rely on up-to-date information from patient records. Without quick access to drug histories, surgery directives and other information, patient care can get delayed or halted, which makes hospitals more likely to pay a ransom rather than risk delays that could result in death and lawsuits.

Hospitals also make an attractive target for ransomware because they are filled with specialized medical equipment, much of which is running old, unpatched software with no protection against malware. Once connected to the network, this equipment can become infected. Attackers can shut down the equipment in order to demand a ransom or use the equipment as a base for launching attacks against other IT resources in the hospital.

Ransomware was profitable long before attackers began targeting hospitals. For example, the FBI has estimated that in just six months in 2014, the authors of CryptoLocker ransomware earned $27 million from extorting victims. Now that attackers are targeting hospitals and other enterprises, the revenue from ransomware is only going to increase.

How can hospitals and other healthcare organizations protect themselves?

Four Steps for Preventing Ransomware Attacks

It’s important to remember that ransomware is simply a form of malware—malicious software that spreads the same way that traditional malware spreads, namely through phishing and other network-borne attacks. To defend against ransomware, enterprises can begin by ensuring that basic anti-malware controls are in place.

To minimize the risk of a ransomware attack, healthcare organizations, pharmaceutical companies and other enterprises should follow these steps:

  1. Deploy rigorous network security controls, including state-of-the-art firewalls and intrusion detection systems to block malware and other network-borne attacks.
  2. Ensure that end user devices, including desktops, laptops, tablets, and smartphones, include anti-virus (AV) technology that scans for malware and stops it if/when it’s identified.
  3. Train employees to be wary of clicking on links and attachments in suspicious emails. Again, most ransomware is spread through phishing attacks. Teaching employees not to click on an unexpected invoice file or spreadsheet is an important part of defending against ransomware and other forms of malware.
  4. Ensure that every important file is regularly backed up, and that these backed-up files are routinely scanned for malware so that restoring files does not retrigger a ransomware attack.

Hospitals and other HCOs can keep their patient data and other enterprise content safe by deploying a secure content management platform such as kiteworks by Accellion. kiteworks is a critical solution for top HCOs like Kaiser Permanente, Seattle Children's Hospital, Indiana University Health, Trinity Health, and many others as it provides comprehensive security and visibility over the files that healthcare employees use everyday. kiteworks provides these specific features to counter malware:

  • AV scanning on mobile devices and for all files uploaded through kiteworks to any Enterprise Content Management (ECM) platform, such as Microsoft SharePoint, Documentum and OpenText being managed through kiteworks.
  • Secure containers, restricted area storage and memory that isolates and protects content from other content, including personal content, on mobile devices.
  • Controls to block employees from uploading suspicious content types to any ECM platform or cloud service, such as Google Drive, being managed through kiteworks.

In addition to these anti-malware features, kiteworks has an exhaustive list of data security and data privacy features that help hospitals and other healthcare organizations comply with HIPAA.

To learn more about kiteworks, please contact us.