Ransomware grows in sophistication, new strains uncovered

Despite the countless advantages digital platforms such as electronic health records and medical billing software bring to the healthcare industry, a major problem these platforms present is a heightened risk of security breaches and cyber crime. Patient health information is particularly vulnerable, because the data is lucrative for criminals. After all, most personal patient health records will contain sensitive information such as social security numbers and home addresses. 

Ransomware attacks on the rise
One increasingly prevalent type of cyber crime is the ransomware attack. According to the U.S. Federal Bureau of Investigation, the year 2015 in particular saw a marked jump in the number of reported incidents.

Ransomware crimes are targeted attacks, whereby a criminal will send an email to a staff member at a large organization - typically a hospital or clinic - and trick them into installing malicious software on their computer, either by attaching a faux document or including a URL link. Once the software is on the victim's computer, the criminal can hold important patient data hostage for a ransom fee. 

New ransomware strains uncovered
This is bad news for healthcare organizations. According to a recent report from Healthcare IT News, ransomware attacks are becoming more sophisticated, as two new strains were recently discovered - SamSam and Maktub Locker - both presenting a more dangerous threat than previous iterations.

What is Maktub Locker?
Maktub Locker is arguably the most nuanced of the new strains. Healthcare IT News reported that Maktub Locker works by targeting an entire IT infrastructure at any given organization by infecting all systems and data within a certain network. Once it has spread, data is encrypted and held ransom. 

What makes Maktub Locker so dangerous is that it's typically installed via a hoax email containing an attachment. The emails can appear to be incredibly authentic and will often contain elements that make the message appear to be official - such as a "terms of use" attachment, the source explained, quoting Lee Kim, the director of privacy and security at the Healthcare Information and Management Systems Society (HIMSS). All it takes is for one careless or unsuspecting employee to open the attachment for the virus to spread throughout the entire network. 

Another thing that renders Maktub Locker so difficult to deal with is the fact that it can operate even when a network is taken offline.

What is SamSam?
The SamSam strain works slightly differently, but poses a comparable threat: It can spread throughout an entire network by attacking weak areas of JBoss servers. In a similar vein to Maktub Locker, SamSam is able to encrypt data without a download key.

According to Healthcare IT News, both Maktub Locker and SamSam have the ability to encrypt not only data on a network, but also backup files and data - rendering this common security strategy obsolete. 

Strategies for prevention
Lee Kim of HIMSS stresses that a strong security strategy is imperative for preventing such sophisticated attacks. Preventative measures such as firewall software installation and backing up data offline are particularly effective, as are routine network inspections from IT security experts.

Kim elaborated on the significance of security measures to Healthcare IT News. 

"We need to make sure we have a complete, strong security program that blocks the malware we know about," she said. "So if something gets into our system, we can stop and eradicate it to stop the bleed. It's also really important to block and tackle what you can – and have a plan."

"It really is a battle between these cyber criminals and the rest of us," she concluded. "There definitely is a learning curve, but we can benefit as a community to try to build these solutions together."

California hospitals targeted
News of high-profile ransomware attacks has dominated headlines recently, with two of the most notable attacks occurring at hospitals in California, NBC News explained. Both Chino Valley Medical Center and Desert Valley Hospital were targeted in attacks which saw patient data taken hostage. Thankfully, the source reported that both attacks were resolved without protected patient data being compromised.

Another hospital in Los Angeles, however, wasn't so lucky. NBC News reported that Hollywood Presbyterian Hospital was forced to pay a ransom after attempts to retrieve the hijacked data proved fruitless. The source noted that the hospital shelled out nearly $17,000 in bitcoins to cyber criminals back in February, in a bid to resolve the disruptive situation as quickly as possible.

The CEO of the hospital, Allen Stefanek, addressed the incident in a press release.

"The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key," he said. "In the best interest of restoring normal operations, we did this."

Given the rise of the new strains Maktub Locker and SamSam, it's likely that incidents like this will become routine in the future, unless comprehensive security strategies are developed and implemented across U.S. healthcare organizations.

Kevin McCarthy

Industry News Editor

An avid traveler and news junkie, Kevin covers a range of topics from healthcare technology to policy and regulations. As a former journalism student, he enjoys finding stories relevant to small practices and is passionate about keeping them informed. Before joining NueMD, Kevin worked for Turner Broadcasting as a Programming Intern where he conducted legal research and contributed to editorial content development. He received his bachelor's degree in Communication from Kennesaw State University and currently serves as the Industry News Editor at NueMD.
