88 Percent of U.S. Healthcare Attacks Attributed to Ransomware

Wait, what? Eighty-eight percent of all ransomware attacks have been imposed on healthcare? Apparently, of all the U.S. industries – including retail, education, finance, and technology – a vast majority of attacks occurred at healthcare organizations, according to the Security Engineering Research Team Quarterly Threat Report

The jaw dropping number was collected from feedback from the vendor’s clients, which also found that ransomware detections decreased between January and February of this year but picked up again in March, April, and May.

Given the news about the rise in breaches should not be overly shocking, the reported number of ransomware attacks was mind boggling because of the sheer number of them. Ransomware dates back to 1989. Cybercriminals are taking interest in the return on investment that ransomware promises and have increased the time, effort and money they invest in developing new strains of the malware to reach their goals – making money through malware and seizing information by capturing a healthcare’s records and holding them ransom.

According to Wired magazine, the FBI estimated in 2014 that the extortionists behind the CryptoLocker strain of ransomware took $27 million in just six months out of people whose data they took hostage. Thus, ransomware is very lucrative. As they become more sophisticated, the attacks are leading to encrypted servers, not just individual computer systems, in an effort to prevent an entire organization from accessing shared files and databases. The attacks also go after backup repositories. Essentially, cybercriminals shut an entire organization down, bringing it to its knees. This is especially troubling in healthcare, as we know and have seen several times now.

Other forms of ransomware do more, like searches for “Volume Shadow Copy” files, a feature in Windows systems that backs up copies of files automatically, even while people are working on them, and them erases them. Other forms encrypts a user’s files and then demands ransom for a code will decrypt the files, was the most commonly detected ransomware of the quarter, being detected in 94 percent of attacks, according to the report.

“Ransomware is rampant because it works. The digital extortion racket has been around since about 2005 and began in Eastern Europe, but attackers greatly improved on the scheme in recent years with the development of ransom cryptware, which encrypts files on a machine using a private key that only the attacker possesses, instead of simply locking the keyboard or computer,” Wired reports.

And, hospitals are becoming a bigger target because many of their employees have not been trained their employees on security awareness, and hospitals don’t focus on cybersecurity in general; they focus on HIPAA compliance and meeting the federal requirements for protecting patient privacy.

Finally, and perhaps most importantly, victims are infected with ransomware through phishing attacks that carry a malicious attachment or instruct recipients to click on a URL that downloads malware to their computer.

So, what to do? Some advice can be found in this “hostage manual” which instructs victims of ransomware how to respond after an attack and better yet, how to prevent one in the first place.

One of the most obvious things to do is disconnect infected systems from a network and disable Wi-Fi and Bluetooth to prevent the malware from spreading. Victims are also told to remove any USB sticks or external hard drives connected to an infected computer to prevent those from being locked as well.

Once infected, you have two options, the site writes: pay the ransom or restore data from backups. If no backups exist, perhaps you’ll be forced to start over. If not, you may have to start over.

But, the best medicine is prevention. Maintain backups and provide awareness training for employees to prevent them from clicking on phishing emails. Consider sending employees frequent simulated phishing attacks, which you can make into a game or an award-type program, and, ultimately, good practice. Make the training a part of your organization’s regular practice, or culture.

Scott Rupp's picture

Scott Rupp


Scott E. Rupp is a writer and an award-winning journalist focused on healthcare technology. He has worked as a public relations executive for a major electronic health record/practice management vendor, and he currently manages his own agency, millerrupp. In addition to writing for a variety of publications, Scott also offers his insights on healthcare technology and its leaders on his site, Electronic Health Reporter.

comments powered by Disqus

Related Articles