Threat of ransomware on the rise, especially for healthcare industry
The notion that hospitals and healthcare systems are invincible from cyber attacks is long gone, and many executives in the industry are facing the growing fact that they may actually be most at risk. It's continuously grown easier for hackers to access hospital networks and the latest trend, ransomware, is on the rise, according to Health Data Management.
The rising threat of ransomware
The rate of incidents in the first two months of 2016 alone has already surpassed the number of those total in 2014 and is projected to more than triple by the end of this year, reported Health Data Management. Ransomware infects a network or system's computers and then restricts access, forcing the user to pay a ransom in order for the hacker to remove the restriction. It's a lucrative business because it's fast, easy money, according to the source.
It doesn't cost the attackers much to infect the computer and even if only a low percentage of victims end up paying ransom, it's still a hefty sum. Today, the novel ransomware is overwriting the master boot record in computers and once that happens, "you have given up your computer, and the machine will reboot and you are given a ransom demand," said Raul Kashyap, chief security architect at Bromium.
According to CNNMoney, last year the Federal Bureau of Investigation received 2,453 grievances of ransomware hold-ups across all industries. In total, these hold-ups cost victims more than $24 million dollars. Since authorities haven't yet had much luck stopping these kind of attacks, most victims will end up paying the ransom. Usually, hackers demanded to be paid in the digital currency Bitcoin, a form of payment making it hard to trace and connect the cyber hack to actual people.
#Ransomeware-increasingly common in #healthcare industry and largely unreported https://t.co/XOdIY0O9gO #infosec #privacy #security
— Dejban Law (@dejbanlaw) March 30, 2016
U.S. and Canada issue rare, joint alert
Following a surge in ransomware attacks on hospitals, on Mar. 31 the U.S. and Canada took a rare step by releasing a joint cyber alert, reported Reuters. According to the source, the warning came after private security firms reported an increase in attacks, due to two main factors: an increased sophistication among hackers and a lack of proper security measures by many businesses. The alert warned against paying these ransoms, stating:
"Paying the ransom does not guarantee the encrypted files will be released. It only guarantees that the malicious actors receive the victim's money, and in some cases, their banking information."
Healthcare IT News reported that three hospitals in Southern California owned by Prime Healthcare Services, Methodist Hospital in Kentucky, Hollywood Presbyterian, MedStar Health in Washington, D.C. and King's Daughters Health in Indiana, have all experienced recent attacks of ransomware.
"Organizations used to have an internal network and they could secure the outside of it to make sure an external hacker could not penetrate it," said Elliott Frantz, CEO of ethical hacking firm Virtue Security. "It's easier than ever to gain access inside a hospital's network and compromise a device."