What Recent Ransomware Attacks Can Teach Hospital IT Teams

Hospitals are naturally attractive prey to hackers of all sorts. First, they hold vast databases filled with lots of patient information. This data is much richer than the data held by most financial institutions, because it includes all of the personal identifiable information for that person, as well as data on their family histories and a lot of financial information.

Unlike financial institutions, hospitals are filled with medical professionals who are not necessarily trained or well-versed in the latest internet scams, email hoaxes, and dangerous websites. Hospitals also generally lack the massive budgets that businesses have to assign for network security, and that tight budget may lead to outdated systems and security software.

Aside from the ordinary data breach, hospitals are falling victim (at an alarming rate) to a relatively new type of threat: ransomware. Ransomware started out primarily targeting individuals, and typically using rather uncomplicated methods. Today’s ransomware is much more sophisticated, and has been used to take down massive healthcare organizations, in addition to government agencies, and even an entire municipality. Here’s what you need to know to keep your hospital out of harm’s way.

What Ransomware is and What it Does

To understand the recent attacks, it’s important to know what ransomware is.Ransomware is a specific kind of malware that is designed to infiltrate computer systems or networks and lock down their database and/or software applications until a ransom is paid. Usually, the ransom is payable only by bitcoin, which is an Internet currency that isn’t traceable. In most cases, the objective is not to steal patient information (although this is always a possibility), but to make the hospital’s data and systems unusable until the money is paid. Usually, the first indication of a threat is when some or all of the devices on the hospital network begin displaying a message that the system is inaccessible until a ransom is paid.

Recent Incidents Involving Hospitals and Healthcare Organizations

At least four notable healthcare organizations have already been targeted this year, including MedStar Health, a Washington D.C.-based healthcare organization employing more than 30,000 workers and serving hundreds of thousands of patients through 10 hospitals and 250 outpatient clinics across Maryland and in the metro D.C. area. MedStar is the latest in the string of hits (most likely originating with hackers operating in Eastern Europe, outside the jurisdiction of U.S. authorities.) They have been forced to shut down all their email and records databases, and revert to paper charts and records. This has caused massive delays in critical medical treatments and surgeries, and the cancellation of numerous patient appointments.

The MedStar Health breach comes after similar incidents at Hollywood Presbyterian Medical Center in Los Angeles, CA; and another at Methodist Hospital in Henderson, KY. The IT department for Methodist Hospital in Kentucky was reportedly able to fend off the attack without paying the ransom, by employing a strong backup and disaster recovery program. However, they are the exception. During one 9-month stretch in 2014, the FBI took complaints from 1,838 potential ransomware victims for a total of $23.7 million in ransom payments. Hollywood Presbyterian in L.A. was forced to pay their hackers $17,000 in bitcoins, and another medical facility reportedly paid $1,600 in bitcoins to free their systems from attack.

How to Protect Your Hospital Network Against Ransomware and Other Cyber Attacks

It’s important to get employee training so that hospital staff are able to identify threatening emails and other issues they might encounter online. But this training needs to be backed
by rigorous network security.

Preventing a ransomware attack is much like protecting your hospital against other types of cyber attacks. It all hinges in a smart network security solution.

  • Be sure ransomware and similar attacks are addressed in your disaster recovery solution.
  • Back up systems regularly, frequently, and completely. Keep as many copies of your backups as possible, so that if the malware isn’t identified for some time, you can still revert back to a backup before the infiltration.
  • Get an assessment of your current network security.
  • Make changes and upgrades based on those recommendations.

In the end, the cost of succumbing to ransomware is much higher than the cost of protecting your hospital network in the first place. It all starts when you contact the security experts at Turn-key Technologies. Visit now to request a quote.

By Craig Badrick

05.05.2016

Sign up for the TTI Newsletter