Call us anytime!877-687-1222
For more than a week in February 2016, normal operations at a Hollywood, California hospital came to a sudden and potentially dangerous stand-still. Hackers had successfully encrypted much of the hospital’s data, preventing hospital staff from accessing patient medical records.
The hackers demand: pay a ransom of 40 Bitcoin, or almost $17,000, for the release of some 4.5 million private health records. While patient care was never compromised during the 10-day standoff, Hollywood Presbyterian hospital was forced to revert to pen and paper to register patients and chart medical records. Ultimately, hospital administrators decided to pay the ransom and obtain the decryption key. It was the quickest and most efficient way to restore their systems and administrative functions to normal operations, said the hospital’s Chief Executive Officer.
Ransomware – a Malicious Type of Software
The chaos that ensued at Hollywood Presbyterian was due to a type of malicious software called ransomware that encrypts data so it can only be unlocked with a decryption key. Ransomware, like other malware that exploits vulnerabilities in an organization’s computer system, first surfaced in 2013. Since then, more than 56 types of ransomware have appeared, which means one of as many as 50 gangs could have been behind the Hollywood Presbyterian attack, according to Kevin Haley, director of Security Response at Symantec.
The hospital was open to attack either because of vulnerabilities in any one of many different software programs in use at the hospital, or because someone on staff inadvertently invited the ransomware in by clicking on a web link or by opening an infected email. According to the FBI, email with malicious attachments or hyperlinks accounts for 85% of all ransomware detected. The most popular hiding places for the malware are blogs and online advertisements. Probably with a single click, the malicious software was launched and started encrypting data on Hollywood Presbyterian servers, setting the hacker’s scheme in motion.
Why Ransomware is Surging
Hackers continue to cast their nets across ever-widening distribution channels. Ransomware is cheaper than ever to build, creating economies of scale that result in higher rates of success. With the ability to scale, hackers can target more lucrative targets that are highly motivated to pay the ransom. The ransom itself has become easier to collect, thanks to the advent of Bitcoin and other digital currency that provides criminals an anonymous way to get paid.
Healthcare: A Prime Target for Cybercriminals
The Hollywood Presbyterian ransomware attack came just months after research firm Forrester singled out the healthcare industry as the number one target for ransomware in 2016. Nearly 100 million healthcare records were compromised last year – the number of cyberattacks against healthcare organizations grew by 68 percent over prior year. Ransomware has been particularly costly to the healthcare industry: each healthcare record breached costs the victimized organization approximately $363, according to industry experts – more than twice the average cost per breach across all industries.
Hollywood Presbyterian, of course, is just one of many healthcare organization to have suffered a hit. Recently, other high-profile healthcare attacks making headlines have included: Banner Health (3.6 million electronic protected health information (ePHI) records breached); Newkirk Products (3.4 million ePHI records breached); 21st Century Oncology (2.2 million ePHI records breached); and Valley Anesthesiology Consultants (880,000 ePHI records breached). Just this month, Ashland Women’s Health, an OB-GYN practice in Ashland, Kentucky, reported a hacking incident that affected 19,727 of its patients. Since 2010, federal records show at least 159 healthcare institutions have reported being hacked or experiencing information technology issues that compromised patient records. It’s become a growing epidemic.
Most Healthcare Organizations are Ill-prepared to Deal with an Attack
According to a 2016 Sophos Group study, the healthcare sector is appealing to hackers because of the alarming laxity in many healthcare organizations’ approach to data security. The report also indicates U.S. hospitals lack new technology and best practices to defend against current cyber threats.
A HIMMS study from that same year reports that most healthcare organizations fail to adopt even basic safeguards like anti-malware tools, firewalls and encryption. Of all industries, healthcare had the lowest rate of data encryption. According to the HIMSS study, only 31% of healthcare organizations report extensive use of encryption; 20% reported no use of encryption at all.
The HIMSS report concluded that healthcare providers’ traditional view is they are in the business of saving lives. It follows, then, that IT security staff have a difficult time competing for budget dollars. Unless industry leaders re-examine their funding priorities for IT security, hackers will continue to have the upper hand.
The Best Defense is a Strong Offense
Perhaps it’s easier said than done: be prepared. Know in advance what you will do if your organization becomes the target of ransomware. Preventing ransomware before it occurs is, frankly, more important than how to recover your data. This is because if ransomware encrypts ePHI it is considered a data breach even if the ePHI can be restored from backup, according to the United States Department of Health and Human Services.
How to prevent ransomware:
What to do during a ransomware attack:
AFTER the breach:
The best strategy for preventing a ransomware attack, of course, is to avoid this extortion altogether. This is well within the power of most organizations, but it requires planning and action – before the crisis hits.