Since our last article, which highlighted how cryptojacking has become more popular than ransomware for cybercriminals, there have been two major incidents of ransomware hitting the healthcare industry. Ironically, we also specifically discussed one healthcare organization that elected to pay a ransom of $55,000 as they determined it would be more costly not to pay the ransom. Could this be the reason that ransomware distributors are specifically targeting healthcare organizations?
Ransomware Targeting the Healthcare Industry
When the city of Atlanta was hit with a ransomware attack, they decided not to pay the $52,000 ransom. However, it’s estimated that the time the city’s systems were shut down ended up costing them nearly $2.8 million. As mentioned before, one healthcare organization determined it was better to pay a $55,000 ransom instead of having their systems shut down for the time it takes to restore all of their servers. On top of that, it’s very common that hospitals have to turn away patients or even transfer patients to other hospitals while their systems are down. This is because many ransomware variants affect not only documents on the servers but also internal communication systems and electronic health records. Without access to these vital systems, the mistake of giving a patient unnecessary or wrong care can prove fatal.
The combination of losing a significant amount of money from turning patients away and not having access to vital systems that enable doctors, nurses, and the administration to do their jobs effectively could be the very reason why healthcare organizations elect to pay the ransom. As such, this could also be the reason why hackers are targeting the healthcare industry so hard. If they weren’t paying the ransom and were instead just restoring their files from backups and continuing on with their business, there would be no reason for hackers to target them. As we have said before, hackers are in the business to make money. If they aren’t getting paid, they are going to look elsewhere for revenue.
Healthcare Ransomware Attacks
On July 9th, Cass Regional Medical Center announced it had become a victim of a ransomware attack. The hospital quickly initiated its incident response protocol, and IT professionals worked with local law enforcement and forensic specialists to investigate the incident. While the investigators don’t believe any patient records were compromised, they opted to temporarily shut down the system. In a press release from the medical center, they did not disclose whether they ended up paying the ransom. However, we do know that all systems were shut down until July 18th, which most likely cost the medical center more than what the ransom would have been.
In another incident, a private hospital in Navi Mumbai suffered a ransomware attack that demanded ransom in the popular cryptocurrency, Bitcoin. Mahatma Gandhi Mission Hospital suffered the ransomware attack on July 15th, when hospital administrators found their systems locked with a ransom note demanding payment to regain access to their files. As this attack only came to light in the past couple of days, it’s uncertain whether they have paid or are going to pay the ransom. In the ransomware attack, computerized billing and medicine prescription systems were affected. However, the hospital also maintains a written record of all its data.
The most recent attack on a healthcare organization was reported early this morning (July 20th): Singapore’s government health system suffered its most serious breach of personal data to date. While it’s unclear whether this was due to ransomware or another attack vector, it’s believed that all of the 1.5 million people who have visited Singapore’s clinics between May 2015 and July 2017 have had their personal medical records compromised.
Healthcare Ransomware Outlook
In 2018 alone, there have been at least ten highlighted ransomware attacks on healthcare organizations. Most of the ransom demands have been between $50,000 and $60,000 with the vast majority of organizations paying the ransom to minimize the damage done from all systems being down. As we can see with the emergence of cryptojacking, if cybercriminals see an easy way to make money or an easy target, they are going to pounce.
Because the healthcare sector relies on IT systems and needs patient data and records to be available in order to operate, the risk of being hit with ransomware is expected to increase. While we can recommend regular backups of data, the data that has been encrypted is simply too important to be unavailable for several days or even weeks. Instead, hospitals should focus on patch management to ensure all networks, endpoints, applications, databases, and medical devices are up to date. Furthermore, they should implement network segmentation, which limits hackers’ lateral movement, so that if one computer is infected, the entire organization doesn’t become infected.
Contact WatchPoint today to learn more about how we can help with all of your cybersecurity needs and ensure your organization isn’t the next victim of a ransomware attack, which is still very, very much a possibility.