The recent rise of ransomware attacks on healthcare organizations is drawing plenty of attention. Dozens of healthcare organizations have been targets. Reports show that hospitals in the US, Canada and Germany have fallen prey to ransomware attacks.
Ransomware is No Longer a Click Away
The latest ransomware no longer requires a user to click a link embedded in an email or a malicious advertising link on a web page. SamSam or Samas is the latest trend in ransomware. It uses a tool called JexBoss to scan for vulnerabilities in JBoss application servers. If SamSam detects a vulnerability, it encrypts files on an organization’s network.
The latest victim, MedStar, was attacked by SamSam. MedStar’s response to the intrusion was quick. They shut down most of their network to stop the ransomware from spreading. The ransom was not paid and the encrypted files were replaced by their backup. MedStar’s IT team was responsive and had their system operating in 24 hours. Not all healthcare organizations are as prepared.
Preying on Healthcare Organizations
In a healthcare organization, having access to a patient’s file could be a life or death situation. A patient could be unresponsive and the doctor may be unaware if the patient is allergic to certain medications. The information is in their medical file stored on the network. Getting quick access to a patient’s medical history online is faster than pulling a paper file out of the archives. The timeliness and accessibility of information are critical in this industry.
The rash of ransomware attacks exposes a lack of security and of IT personnel to support and maintain healthcare organizations’ networks. Also, with the recent payouts, the perception is that these organizations are willing to pay ransoms.
The importance of file access, the lack of security and IT personnel, and the willingness to pay ransoms are making these organizations easy prey.
Testing the Waters
The amount requested in ransoms has been increasing, and cybercriminals are testing the waters to determine just how much victims are willing to pay out to unlock their files. In some cases, cybercriminals will offer a bulk ransom to decrypt all infected systems on a network.
An LA hospital recently paid $17,000 in Bitcoin to unlock their files. With ransoms rising, what can be expected for payouts?
The general recommendation is not to pay the ransom because there is no guarantee that the cybercriminal will release the encryption key to unlock the files. In addition, a victim is more prone to further attacks because of the willingness to pay the initial ransom.
The best recourse is to take safety measures to prevent ransomware attacks and minimize their impact. Files need to be backed up daily, weekly, and monthly. Keep these backups offline and offsite. Ransomware can encrypt backed-up files if they are kept on the network. Offline, offsite backups help prevent data loss and keep an organization from being victimized by attackers. To keep and maintain a secure network, servers need to be kept up-to-date with the latest patches. Make sure you have a HIPAA-compliant anti-spam filter.
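The backup advice above can be checked mechanically. The following is an added example, not part of the original article: it audits a backup inventory for a current copy in each tier (daily, weekly, monthly) and flags tiers whose only current copies sit on the network. The age thresholds, field names and sample inventory are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed maximum age per tier (illustrative thresholds, not from the article).
MAX_AGE = {
    "daily": timedelta(days=1),
    "weekly": timedelta(days=7),
    "monthly": timedelta(days=31),
}

@dataclass
class Backup:
    tier: str        # "daily", "weekly" or "monthly"
    taken: datetime  # when the backup completed
    offline: bool    # True if not reachable from the production network
    offsite: bool    # True if stored at a different physical location

def audit(backups, now):
    """Return (tier, problem) findings; an empty list means every tier is covered.

    "stale"   = no copy of that tier is within its maximum age.
    "exposed" = current copies exist, but none is both offline and offsite,
                so ransomware on the network could encrypt them too.
    """
    findings = []
    for tier, max_age in MAX_AGE.items():
        fresh = [b for b in backups
                 if b.tier == tier and timedelta(0) <= now - b.taken <= max_age]
        if not fresh:
            findings.append((tier, "stale"))
        elif not any(b.offline and b.offsite for b in fresh):
            findings.append((tier, "exposed"))
    return findings

# Constructed sample inventory (not real data).
NOW = datetime(2016, 4, 15, 8, 0)
SAMPLE = [
    Backup("daily", datetime(2016, 4, 15, 1, 0), offline=False, offsite=False),
    Backup("weekly", datetime(2016, 4, 10, 2, 0), offline=True, offsite=True),
    Backup("monthly", datetime(2016, 2, 28, 2, 0), offline=True, offsite=True),
]

if __name__ == "__main__":
    for tier, problem in audit(SAMPLE, NOW):
        print(f"{tier}: {problem}")
```

In the sample, the nightly backup is current but lives on the network, and the newest monthly backup is older than the assumed 31-day limit, so both tiers are reported.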
The rash of ransomware attacks on healthcare organizations is an indication of the lack of security in their networks. Their willingness to pay the ransom is making them an attractive target for cybercriminals. The best line of defense to thwart an attack is to install the latest patches on an organization’s servers and have frequent file backups.