How is Healthcare affected by Ransomware Attacks

What is Ransomware?

Ransomware is a malicious piece of software that infects a targeted network and encrypts its data. The attackers then demand a ransom (usually paid in untraceable cryptocurrency) in exchange for a key that decrypts the network’s compromised data.

Most damage done by ransomware variants is fairly easy to undo by cybersecurity professionals. However, ransomware attacks have become increasingly more sophisticated and aggressive in recent years. In tandem, schemes dubbed as “Ransomware-as-a-Service” (RaaS) allow users to buy ready-to-use ransomware if they lack the technical knowledge to write their own, as long as a share of the profit from successful blackmail attacks is paid to the RaaS developers. Reports of ransomware packages being sold for as little as 39$ on the Dark Web have also been documented since 2016.

The increasing sophistication and availability of ransomware variants, combined with the severe lack of measures taken to protect networks from such attacks, has left most sectors around the world at risk. These factors, as well as millions of dollars extorted in just the past two years, has made ransomware attacks a huge industry for cybercriminals around the world.

One industry has proven particularly vulnerable to these attacks, and has suffered the majority of ransomware attacks since 2016: healthcare providers.

What is Ransomware

Why Healthcare is Ransomware’s Main Target

A majority of ransomware attacks since 2016 have targeted the healthcare sector, with estimates ranging from 35{f9e613f517110994348d69a5797a353d87ee03cef25d7bb6efd85f4964c1c644} to 85{f9e613f517110994348d69a5797a353d87ee03cef25d7bb6efd85f4964c1c644} of total ransomware attacks targeting healthcare providers around the world. A recent example was the WannaCry worm that crippled more than 200,000 computers in 150 countries in just 5 days in May 2017, crippling organizations such as the UK’s National Health Service (NHS) in 2017.

Healthcare is in many ways the perfect target for “cyrptoviral” extortion. One reason is because hospitals and healthcare providers do not upgrade and maintain their networks’ cybersecurity regularly, meaning software updates designed to patch vulnerabilities ransomware exploits aren’t always installed in time.

Another reason is the life-threatening need to access the data ransomware attacks encrypt. This makes the healthcare sector much more likely to pay ransoms as quickly as possible in order to avoid any risk to patients’ lives and health due to lack of access to vital health data. This makes cybercriminals more inclined to target the healthcare sector, which has weak defenses and is more willing to cough up money to save both their patients and reputations.

In an increasingly connected world, everything from an ambulance, to an MRI machine and even blood-storage refrigerators are vulnerable to ransomware attacks. This poses a massive risk to healthcare providers across the world, and cybersecurity firms and governmental agencies worldwide are ramping up efforts to counter and prevent attacks from wreaking havoc on infrastructure and sectors such as healthcare, finance and manufacturing.


Three-Pronged Approach to Defend Against Ransomware Attacks

Healthcare providers need to drastically improve their cybersecurity as soon as possible. Advanced malware protection, anti-viruses, firewalls, and email and web security should be a priority for the healthcare sector moving forward. Regular software updates can protect against older versions of ransomware, but also more sophisticated ones identified by governments and cybersecurity firms which patch the vulnerabilities and push software updates to protect against them. Think of it like a flu shot, which needs booster shots periodically to provide up-to-date protection to the latest strains of the virus.The second element of a robust defense is comprehensive and consistent data backups. Back up locations should not be connected to the main network, ensuring that if an attack does infect the main network, it won’t spread to the back up. This measure means that even if a ransomware attack was successful, a hospital can still restore the data from the uncorrupted back up location, even if the main network is still inaccessible.

Even with robust malware protection, firewalls, anti-viruses and remote, secure backups, networks will still be vulnerable due to human error. That’s because infections usually happen using Trojans, which like the deceptive wooden horse that led to the downfall of ancient Troy, misleads users into thinking it’s a normal file or email attachment. Users unwittingly download the file, and the system is infected. Other ways of infection involve phishing links (links that seem legitimate, but lead to dummy sites where data can be harvested, or files downloaded, without the user’s knowledge) and other forms of social engineering that trick users into downloading the ransomware worm.

In other words, even with all the security features up-to-date, an unwitting mistake from one employee can grant access to ransomware worms and infect healthcare providers’ networks. This means that healthcare entities need to train all their employees, especially the less tech-savvy among them, on how to avoid suspicious emails and links, and the best practices to minimize the risk of cybercriminals social engineering their way past the network’s defenses.

Ransomware extortion attacks show no sign of slowing down anytime soon. In fact, they will probably evolve quicker than ever before. This could be catastrophic for any connected system, but the healthcare sector seems to be especially vulnerable to ransomware attacks, and exceptionally irresistible to cybercriminals seeking quick ransom payouts.

Stay safe! check out the our managed security services.

اترك تعليقاً

لن يتم نشر عنوان بريدك الإلكتروني. الحقول الإلزامية مشار إليها بـ *