Healthcare Hackers

Posted on May 3, 2016 in Technology

In December of 2014, MIT Technology Review declared 2015 the “Year of the Hospital Hack.” Unfortunately, their prediction came to pass. By the end of 2015, Websense researchers reported a 600% surge in cyber-attacks on hospitals – and that number is only expected to climb. Both the Ponemon Institute and the Privacy Rights Clearinghouse have identified health care data as particularly susceptible to cyber-attacks.

A Top Target

As we reported last month, the threat of ransomware continues to grow, and hospitals, in particular, are in the crosshairs. With assaults escalating every day, healthcare facilities face a tricky balancing act as they weigh the benefits of technology against the need for security.

While 2015 saw a significant uptick in cyber-attacks at hospitals and other healthcare facilities, 2016 is shaping up to be even worse. During the first few months of the year, four major hospitals – Canada’s Ottawa Hospital, Hollywood Presbyterian Medical Center, Medstar Washington, and Kentucky’s Methodist Hospital – were on the receiving end of a ransomware attack. In each case, hackers held the facility captive by demanding bitcoin payments to release their computer systems.

Unfortunately, experts warn the healthcare industry will continue to experience these types of scenarios. Even worse, these attacks could result in a whole host of dire consequences, including some with life-threatening implications.

“One can imagine how detrimental it would be if someone was in the middle of a major operation and suddenly all of their health records became unavailable,” says Malwarebytes security researcher Jérôme Segura.

Data Rich Targets

Carl Leonard, principal security analyst for Websense, believes hospital hacks are alluring because of the type of information stored by medical facilities. Medical records, which often contain social security numbers, dates of birth and other sensitive information, can provide enough material to “build a near complete picture of an individual,” a profile which can fetch hundreds of dollars when sold to third parties.

Segura sums up the situation in a Gizmodo article, saying, “Hospitals are in a very different category when it comes to ransomware. The kind of data they hold is very confidential but also very critical to people’s actual lives.”

Don Jackson, director of threat intelligence at security firm PhishLabs, also points to the decreased value of credit card information as another incentive. As stolen numbers have flooded the black market, there’s an increased demand for more data-rich targets.

Jackson tells MIT that many hackers have “almost a big data mentality,” with the ability to correlate disparate sets of stolen files into one comprehensive identity. As hospitals increase their dependence on centralized data collection and access, they also expand the type and amount of information subject to ransomware infiltrations.

High Tech and High Stakes

For healthcare facilities, advances in software and data collection are helping keep costs down while streamlining care and improving morale for staff and residents. Unfortunately, as Leonard points out, the switch to electronic medical records and insufficient security protocols are two main reasons ransomware occurrences are growing in frequency and intensity.

Additionally, the adoption of internet-connected medical gear provides new entry points for cyber criminals. Too many facilities have weak Wi-Fi security while also failing to password-protect connected devices. Medical equipment is also at risk. For example, MRI scanners and surgical apparatuses can easily be hijacked. Even defibrillators and X-ray machines are not immune.

Layered Security

For Ted Harrington, the security researcher who led an Independent Security Evaluators’ investigation into hospital cyber-attacks, the solution is simple: focus on preparation, capital, and responsiveness.

“Our research demonstrated that healthcare organizations have woefully inadequate staffing, funding, training, network awareness, and many other shortcomings,” he tells Gizmodo. “Once healthcare organizations adapt to how much risk they are absorbing through these shortcomings, they will be better equipped to defend.”

Offense for Defense

Machiavelli believed success in war involved destroying an enemy’s ability to attack. It turns out this strategy can also be applied to ransomware. The latest software developed for the healthcare industry comes equipped with multiple levels of security designed to declaw a hacker before he can get near a company’s database.

Users of Yardi software are already experiencing this type of top-notch protection. Clients can operate all aspects of their senior living business confidently, secure in the knowledge that all their data – from patient records to accounting information and other sensitive material – is protected by the best security measures available in the industry, including guaranteed data recovery and around-the-clock monitoring of server operation.