A recent ransomware attack has organizations around the world on edge about the security of their data; here’s why healthcare organizations should pay close attention.
What is ransomware?
Ransomware is a type of malicious cyberattack that has grown in notoriety and frequency in recent years. You might be able to guess the mechanics of a ransomware attack from hearing the name. Like kidnapping, ransomware works by taking something valuable to you—your files—and holds them hostage until you pay a ransom.
Ransomware infiltrates your system by infecting your computer with a virus, which is likely accomplished by tricking you into clicking on a link or downloading a file in a phishing email. These emails are disguised as a communication coming from a trustworthy entity, such as a well-known brand or your internet or energy supplier. Once you click on the malicious link or attachment, the ransomware encrypts your computer’s hard drive and locks you out of all of your files. A screen then appears threatening to destroy all files unless the ransom is paid.
What is significant about the most recent ransomware attack?
The recent ransomware attack, known as WannaCry, is being identified as the biggest cyberattack the world has ever seen. In the wake of the first day of the attack, more than 200,000 computers in 150 countries were infected. The majority of the attacks targeted Russia, Ukraine and Taiwan, but U.K. hospitals, Chinese Universities and global corporations like FedEx were also attacked. This attack is “unprecedented in scale” and “sends a very clear message that all sectors are vulnerable” according to Rob Wainwright, director of Europol, the European Union’s law enforcement agency.
The attackers requested $300 paid in bitcoins to release the hostage files. If the ransom was not paid in two days, the price went up to $600. If the ransom was not paid after seven days, the WannaCry ransomware deletes all encrypted files and that data is lost.
Ransomware in Healthcare
The attack on Friday had a significant impact on the NHS, the public body of the Department of Health that oversees the budget, planning and day-to-day operations of healthcare and hospitals in England. With NHS files held to ransom, hospitals across England were left to treat patients without vital patient care information. As a result, many hospitals were forced to divert patients from the emergency room and cancel scheduled surgeries.
The scramble and chaos that the NHS experienced over the weekend serves as a realization of the severity of damage and tragedy healthcare organizations could experience as a result of a ransomware attack.
“This is big: around the world, doctors and nurses are scrambling to treat patients without their digital records or prescription dosages, ambulances are being rerouted, and millions of people’s data is potentially exposed,” Senator Ben Sasse of Nebraska said in a statement. “Cybersecurity isn’t a hypothetical problem—today shows it can be life or death. We’ll likely look back at this as a watershed moment.”
Is the attack over?
No. While the attack was slowed on Saturday, May 13th by 22-year old British IT researcher Marcus Hutchins who stumbled upon a “kill switch” for the attack when he registered a domain name hidden within WannaCry’s code in an attempt to track the spread of the virus, it has not yet been stopped.
Who is at risk?
Anyone is at risk of a ransomware attack. However, it is important that the healthcare industry understands why it is particularly vulnerable to this kind of attack. Also, cybercriminals know that healthcare organizations are under more pressure to get their systems back up and running because patient lives are at stake. Plus, with larger, complex organizations with multiple systems, it may take longer to identify the source of an attack and shut it down. There is a lot of value in attacking healthcare organizations for cybercriminals because there is a high likelihood of receiving ransom payment.
What can you do to prevent ransomware from infecting your organization?
Protecting your systems from the cyber threats like ransomware should be a top priority for your organization. The first step to breach prevention is to make sure you select the most secure vendors and up-to-date software for your organization. When it comes to healthcare payment security, you want to make sure your payments are protected with the best and latest in payment security technology, including PCI-validated point-to-point encryption (P2PE), tokenization and EMV. You also want to make sure your vendors are compliant with healthcare and payment regulations, including HIPAA, HITRUST and the AICPA.
In the event of a breach, make sure your organization is quick to apply patches as soon as they are made available. This is especially important, in light of recent evidence showing that the WannaCry attack might just be the beginning of something much larger and ongoing.
Finally, always make sure you are leveraging robust security software, including anti-virus, anti-malware, email filtering and firewalls.
You can find helpful tips for protecting your healthcare organization from the risks of cyber threats in our Security Corner. InstaMed Security Officer Noah Dermer shares insights and advice on how to best protect your organization from a breach. Check out this month’s post, 3 Key Security Trends Healthcare Organizations Can’t Ignore.