Ransomware Attacks and Healthcare

While healthcare providers and healthcare industry vendors cannot afford to ignore HIPAA, a much bigger threat has emerged: ransomware attacks on hospitals and healthcare providers that are not seeking to breach patient information but instead render it inaccessible until the organization pays a hefty ransom. According to latest data from specialist insurer Beazley, healthcare remains the most targeted industry by ransomware attacks, which have spiked in the third quarter of 2018.

What is ransomware?

Ransomware is malware that renders a system inoperable (in essence, holding it hostage) until a ransom fee (usually demanded in Bitcoin) is paid to the hackers. As opposed to many other forms of cyber-attacks, which usually seek to access the data on a system (such as credit card information and Social Security numbers), ransomware simply locks the data down.

Hackers usually employ social engineering techniques – such as phishing emails and free software downloads – to get ransomware onto a system. Only one workstation needs to be infected for ransomware to work; once the ransomware has infected a single workstation, it travels through the targeted organization’s network, encrypting files on both mapped and unmapped network drives. Given enough time, it may even reach an organization’s backup files – making it impossible to restore the system using backups

What can the healthcare industry do about ransomware?

The healthcare industry needs a major shift in mindset: Providers must stop seeing information systems and information security as overhead costs to be minimized, realize that IT is a critical part of healthcare, and allocate the appropriate monetary and human resources to running and securing their information systems.

The good news is, since ransomware almost always enters a system through simple social engineering techniques such as phishing emails, it is fully possible to prevent ransomware attacks by taking such measures as:

  • Instituting a comprehensive organizational cyber security policy and training
  • Robust firewall solution with content filtering
  • Full time monitoring of malware, viruses and health of computers and servers.

Computer & Data Network Services (CDNS) feels that it is much better to prevent a ransomware attack than to attempt to deal with one after it has occurred, especially in a healthcare environment, where lives are at stake should patient data become inaccessible. We offer full-service risk assessment services and full-time management software to protect hospitals and other healthcare organizations. Contact CDNS at (334) 874-8234 today to discuss your organization’s cyber security needs and find out how we can help you prevent your facility from becoming the next victim of a ransomware attack.

Read more