Blog Overview

One of the most significant security nightmares for organizations is dealing with ransomware. Let’s see the implications and discuss some handy tips that can help deal with such issues and defend against healthcare ransomware attacks.

Organizations are heavily investing in digital transformation by leveraging Information Technology (IT), Networks & Communication technology.  On the other hand, information systems have increasingly become a soft target for cyber adversaries with the use of the internet and other digital technologies. Yes, the reference is to the cyberattacks caused by various malware (a malicious software) that can create nightmares for the security of your sensitive PHI or Personal Healthcare Information (e.g. health check records, ultrasound, x-ray details, etc.)  and PII or Personally Identifiable Information (information such as name, address, date of birth, mobile numbers, email id, etc.). One of the most prevalent malware that is used by hackers today is the ‘ransomware.’ The most common method of gaining access to the organization’s information systems is phishing. Phishing usually occurs through emails that pretend to be coming from genuine sources to trick the victim into downloading the malware into the system or clicking on a malicious link.

What Is A Ransomware Attack?

Ransom is not a new word for anyone. We always hear about kidnappers demanding ransom for releasing someone’s valuable assets from their captivity. Ransomware is something similar to it, a type of malware (malicious software) that can prevent you from accessing your information systems, either by locking the screens or blocking the account access until a ransom is paid.

Healthcare Industry – A Soft Target For Attackers & The Magnitude Of The Threat

One has to admit that the healthcare industry is a soft target. As it is usually a matter of life and death in the case of a healthcare facility, these organizations tend to pay the ransom rather than adopt alternative means to deal with the issue.

Hospitals are the most vulnerable targets as the stakes are the highest when things come to a standstill without access to data. Therefore, they end up paying the ransom, thereby encouraging these cyber criminals.

 Ransomware is a significant security threat for all organizations. If you glance through Verizon’s 2018 Data Breach Investigations Report, you will notice that ransomware has become the most common of all malware. More importantly, the DBIR shows that the healthcare industry is the most affected of all, with 85% of malware targeting it.

Cybercriminals are becoming smarter by the day as they move towards creating ransomware that attacks business-critical systems, thereby enhancing the scope for demanding more ransom.

Some of the prominent examples of ransomware hitting the healthcare industry are:

• Hackers breached the Singapore government’s health database and were successful in accessing the data of about 1.5 million patients, which included demographic information and patient identification numbers.
• In an unprecedented cyber-attack, WannaCry ransomware affected UK’s National Health Service, forcing to turn away patients, canceling the surgeries and other appointments.
• SamSam ransomware pursuing healthcare organizations
• One of the largest health insurer Anthem of the United States was hit by a massive breach of this century, which resulted in compromising PHI & PII of around a million patient records.

How Do You Deal With The Issue?

Considering PHI (Protected Health Information) and PII (Personally Identifiable Information) concerns, there is a whole lot of privacy and patient security too at stake here besides financial loss. The Technical administration and the EHR (Electronic Health Records) departments of the healthcare facilities must give top priority to protecting the confidential information of the patients that have placed their trust in them. They are answerable in case the vulnerability results in medico-legal severe repercussions, as any negligence would mean a clear violation of the HIPAA (Health Insurance Portability and Accountability Act) rules.

The very fundamental step towards dealing with the issue would be to create awareness amongst your employees and train them on how to identify malicious attempts to hack data. Without a doubt, cyber hygiene is essential in fighting ransomware.

• It is advised to be suspicious when you encounter an email from an unfamiliar source, and even a familiar-looking one, for that matter. It is better to seek expert opinion before clicking on the spurious links or downloading attachments.
• One of the critical aspects of cyber hygiene is to think before you click.

In simple terms, cyber hygiene is not putting yourself in a situation surrounded by malicious links, which is a vital component to a robust Healthcare Info-security system.

Control Measures To Deal With Ransomware

Certain necessary precautions can help you get away unhurt even if you happen to come under a ransomware attack. The following safeguard could be a prudent mitigation strategy.

• Enhanced security controls should be implemented to protect electronic medical records (EMR) and patient’s sensitive and confidential information.
• Security experts advise healthcare institutions not to pay up the ransom when demanded, as it does not guarantee that you will get the access to information back after paying the ransom.
• The ideal strategy is to ensure secure backups, preferably in two separate locations. Thus, you are equipped to deal with the situation rather than having to rely on a criminal parting with the key.
• Regularly updating information systems and applications, antivirus software, and patching the operating systems against the risk of cyber attacks.

Some Famous Examples Of Ransomware Attacks In The Healthcare Industry

We shall now look at some of the prominent ransomware attacks on the healthcare industry.

• Hancock Health Hospital – SamSam Ransomware attack

Hackers infiltrated the computer network of Hancock Health Hospital by using a remote-access portal to log in using a vendor’s name and password. The criminals misused the account credentials and targeted a server located at the hospital’s emergency IT backup facility. They used the electronic connection between the server on the hospital’s main campus and the backup site to offload their SamSam ransomware. As a result, the hospital ended up paying $50,000 to get back the network access.

• Adams Memorial Hospital Attack

In this attack, three physicians’ offices and an outpatient clinic lost access to the hospital’s network, as a result of which they were unable to assess the patient history and schedule appointments. About 60 to 80 patients were affected in this ransomware attack.

Strategies To Adopt When You Encounter Ransomware

Healthcare organizations should adopt these following measures to deal with ransomware when they detect one.

• Isolation is the key – Isolate the infected systems immediately to prevent the ransomware from affecting shared drives or the entire network.
• Switch off the power – Ransomware does not affect all systems at the same time. Therefore, it is advisable to switch off the affected devices that are not yet completely corrupted. Thus, you gain some time to recover data and prevent the situation from worsening.
• Secure your backup data –Ensure that your backup systems are free from malware before you use them to restore data.
• Contact the law enforcement agencies – Report the ransomware attack to the law enforcement agencies and seek their assistance. They have the expertise to deal with such issues.
• Change user credentials – Change the online account passwords and network passwords after isolating the system from the network.
• Delete Registry values – Delete the registry values and files and prevent the program from loading.

Final Thoughts

Ransomware is a growing threat to the healthcare industry that needs to be tackled with an iron hand. The increasing use of the Internet of Medical Things (IoMT) devices in the healthcare sector have induced a new set of vulnerabilities waiting to be exploited by cyber adversaries. Therefore, most of the establishments are recruiting cybersecurity experts on its board of directors. In spite of all safeguards, ransomware can still affect your information systems. Hence, it is essential to analyze your entire information ecosystem, assess the risks and impacts, and implement the countermeasures. Malware can lay low for some time, after which it will rear its ugly head once again. Thus, investing in a continuous information security program should be of prime importance for the healthcare sector as much as for other industries and be able to protect the confidentiality, integrity, and availability of information assets.