Ransomware in Healthcare: The Risks. The Remedies.

Ransomware—a form of malware, or a virus, that encrypts and prevents users from accessing their systems or data until a sum of money is paid—is continuing to wreak havoc on organizations worldwide. In fact, there have been more than 200 publicly identified cases of ransomware in the U.S. alone since January. And, most recently, on Oct. 2, the FBI issued a public service announcement warning businesses about ransomware attacks against private and public organizations.

Notably, though, the threat of ransomware against healthcare systems persists. Perhaps the reason is that for healthcare organizations the threat is not just virtual, but also physical. For example, if a hospital’s network—which could include connected medical devices or patient history—is compromised and held hostage, the hospital risks a patient’s data and wellbeing. Therefore, the decision-makers within these organizations may be more willing to pay the ransom, making it a lucrative industry for cybercriminals.

This blog will look at the proliferation of ransomware attacks against healthcare systems, why medical institutions are so vulnerable to these threats, and how to protect patients and your organization against them.

The Exposure of Ransomware

Healthcare organizations have long been aware of the impacts of ransomware. In 2017, the infamous WannaCry ransomware attack compromised more than 300,000 machines worldwide, including Great Britain’s National Health Service and hospitals in Ukraine. Since then, WannaCry ransomware alone has continued to impact healthcare organizations. According to a recent report by Armis, 40% of healthcare organizations were hit by WannaCry in the first six months of this year.

However, WannaCry isn’t the only ransomware impacting medical institutions—the concern is much more widespread than one ransomware variant. Almost half of the ransomware incidents reported in 2018 involved healthcare companies; and, in the six months comprising Q4 2018 and Q1 2019, reported ransomware attacks increased by a whopping 195%—with healthcare as the No. 2 targeted industry (second only to government and municipalities).

Furthermore, 90% of healthcare organizations saw an increase in ransomware infection rates from 2017 to 2018, and a report by CSO Online estimates healthcare-related malware attacks will likely quadruple by 2020.

The truth is, the healthcare industry has historically been low-hanging fruit for cybercriminals due to its need for relatively open networks that doctors, insurance companies, payment processors, and specialists interact with. Plus, the use of mobile/handheld electronics in patient care increases the danger even more—18% of healthcare devices have been the target of mobile malware.

The Prognosis

So, why and how is ransomware continuing to proliferate throughout the industry?

For starters, statistics show that hackers are focusing more steadily on large organizations that will often pay larger sums of money to get their data back. Thirty-four percent of businesses hit with malware took a week or more to regain access to their data. Because the services healthcare organizations provide are critical, they’re more likely to pay the ransom, rather than risk their IT networks going down, or worse, risk their patients’ wellbeing.

Additionally, it’s simply too easy and too lucrative for threat actors to carry out a ransomware attack these days. Not only are attackers more sophisticated and better funded, but with the increase of connected devices there are more entry points for hackers to gain access to a network every day. Ransomware-as-a-service (RaaS) offerings on the black market also make it easy for script kiddies to buy a cheap ransomware variant from an online vendor and perform an attack that’s proven to pay out in spades. Finally, threat actors are using new techniques to deliver ransomware. In August, PerCsoft, a managed service provider for the dental industry, saw its Digital Dental Record cloud management software compromised, spreading ransomware that impacted as many as 400 offices all at once.

The Prescription

Despite the evident dangers, 50% of 582 cybersecurity professionals surveyed said they do not believe their organization is prepared to repel a ransomware attack.

So what’s the cure? As we’ve said before, there’s no silver bullet to cybersecurity. However, there are ways to mitigate high-profile threats.

First, adopt an assume-breach mentality: operate under the assumption that your organization will be compromised, and that the question is when, not if. A proactive disaster recovery plan can increase your chances of withstanding a ransomware attack.

Second, create a culture of security within your organization. Intentional or not, insider threats are the biggest risk facing your company. Employee education and reinforced cybersecurity best practices should be shared regularly with your workforce.

Additional tips for securing your healthcare organization include:

  • Offline Data Backups – Keep multiple backups of critical data, applications, and application platforms. These backups must be air-gapped from the internet and password protected.
  • White-Listing Solution – Limit the use of applications and processes that are allowed to run in your environment by providing a short list of approved applications and processes. Like a VIP list for your PC, if it’s not on the list it’s not allowed.
  • File Integrity Monitoring (FIM) – Monitor your IT environment 24/7/365 for changes to critical OS components, files, and processes, including directories, registry keys, and values. FIM also watches for changes to application files, rogue applications running on the host, and unusual process and port activity, as well as system incompatibilities.
  • Practice Least Privilege Access Control – Ensure the user has the least privilege for their job. This also applies to services.
  • Audit/Penetration Testing from Independent, Third-Party Experts – This ensures that you are implementing best practices.
  • IP Reputation Monitoring/Blocking – Block known bad infrastructure and actors.
  • Continuous Security Awareness Training – Educate employees about current and emerging cybersecurity risks and phishing emails. Effective training should actively engage employees and include policies concerning the correct response to suspected phishing attempts.
  • Endpoint Protection Solution – Include protection, detection, and response capabilities for laptops, workstations, and mobile devices. This utilizes antivirus (AV) and antimalware (AM) to block cyberattacks. Quickly detect and remediate any malicious activity or infection that has made its way onto the endpoint.
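
To make the File Integrity Monitoring tip concrete, here is an added example (not from the original post or any vendor product) that builds a SHA-256 baseline of a directory tree, diffs a later snapshot against it, and flags a mass change, the pattern bulk encryption produces. The function names and the 30% threshold are assumptions chosen for illustration.

```python
import hashlib
import os


def hash_file(path, chunk_size=65536):
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    state = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root)
            try:
                state[rel] = hash_file(full)
            except OSError:
                # Unreadable file: record a marker so a later change still shows.
                state[rel] = "UNREADABLE"
    return state


def compare(baseline, current, mass_change_ratio=0.3):
    """Diff two snapshots; the 0.3 threshold is an assumed value to tune per site."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in baseline
                      if p in current and baseline[p] != current[p])
    # Share of baseline files that were rewritten or have disappeared (renamed).
    touched = len(removed) + len(modified)
    ratio = touched / len(baseline) if baseline else 0.0
    return {
        "added": added,
        "removed": removed,
        "modified": modified,
        "mass_change": ratio >= mass_change_ratio,
    }


if __name__ == "__main__":
    import json
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    print(json.dumps(snapshot(root), indent=2))
```

Store the baseline somewhere the monitored host cannot write to, for the same reason the backups above are kept offline.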

Not only will implementing these controls help create a stronger security posture for your organization, but it will also help you maintain HIPAA compliance.

As new cyberthreats continue to emerge, the stats quickly show that ransomware isn’t going away anytime soon. In fact, recent studies have shown that ransomware attacks are increasing by more than 300% year over year with the average monetary damage reaching the hundreds of millions of dollars by 2020.

For healthcare systems, it’s especially critical to become proactive in the implementation of cybersecurity measures. Stay vigilant, and never become complacent. After all, lives depend on it.

For more information on the risks of ransomware facing healthcare systems today, watch Armor’s recent webinar, Dirty Encryption: The Scourge of Healthcare Ransomware.
