Protecting Hospitals and Healthcare Facilities from Ransomware

The use of ransomware is on the rise — there’s no doubt about it. It’s a scary reality that your computer or laptop may become the next victim of this cyber attack, in which payment is demanded for the release of your files and data. And, while your personal files and the secure use of your personal equipment is just as sacred as the next person’s, there’s an even bigger, badder ransomware trend on the rise — targeting hospitals and healthcare facilities.

When ransomware attacks target hospitals and healthcare facilities, the virus effectively locks out users — doctors, nurses, pharmacists, case managers, respiratory, etc. — from seeing up-to-date information relating to the patient’s care, records, drug histories, surgery instructions, and more. To provide the best care, which is often required in an immediate manner, healthcare workers need this information to remain available…which means they are more likely to pay the ransom. Knowing this, along with the fact that hospitals are rarely offline and that most hospital employees are not trained to focus on cybersecurity (but instead focus on staying HIPAA compliant), cyber attackers are, therefore, more likely to focus their efforts on targeting time-sensitive, patient-centered organizations like hospitals and healthcare facilities. Plus, hospitals and healthcare facilities are considered a treasure trove of information, ranging all the way from social security numbers, home addresses, and bank account information.

Examples of Hospitals and Healthcare Facilities Attacked by Ransomware:

Hollywood Presbyterian Medical Center (Los Angeles, CA)

Affected by Ransomware: February 2016

Ransomware Used: Locky

Ransomware Paid: $17,000 in Bitcoin

Methodist Hospital (Henderson, KY)

Affected by Ransomware: March 2016

Ransomware Used: Locky

Ransomware Paid: $0, thanks to their ability to restore data from backups.

MedStar Health (Maryland and Washington DC Areas)

Affected by Ransomware: March 2016

Ransomware Used: Unknown

British National Health Service (U.K)

Affected by Ransomware: May 2017

Ransomware Used: WannaCry

Number of Facilities Infected: 48

How You Can Tell If You’ve Been Affected by Ransomware

Ransomware can infect an individual computer, all they way up to a core server, effectively preventing an entire organization from accessing databases and shared files. To infect more machines, this can then spread to all those who did access those shared files. Some attacks can even affect backup repositories. With this kind of movement, users may often immediately see a ransom note, requiring payment for the release of files. However, the inability to access shared files on a server is another clue that you’ve been hit with ransomware. Administrators may then find files with names like ‘decrypt.html’ and ‘decrypt.txt’ that have instructions on how to pay.

What To Do If Your Hospital/Facility/Clinic Has Been Infected by Ransomware

  1. Immediately shut down most of the network operations to help prevent the virus from spreading.
  2. Disconnect infected systems from the network, disable Wi-Fi and Bluetooth, remove USB sticks to external hard drives.
  3. Revert to paper records for communication and scheduling.
  4. Try to find out which type of ransomware has infected your system, as there might be a way to bypass encryption.
  5. Restore data from backups, Shadow Copy files, or other methods.
  6. If all else fails, you may have to consider paying the ransom.

The unfortunate truth is, ransomware works because systems become outdated, making them easier targets for malware, and because people pay the ransom to regain access to personal files and vital patient information. The best way to avoid falling victim to this scheme is to maintain an effective cyber security plan, including offering security awareness training for employees, creating a solid backup plan, configuring mail servers to block zip files (and other potentially malicious files), restricting permissions to areas of the network, creating more separation between systems with additional levels of security, or even whitelisting machines to prevent ransomware from installing. If you’d like help securing your hospital or healthcare facility’s network from cyber threats, give Integracon a call. Our healthcare-specific IT services help you streamline your IT operational costs, while gaining access to the latest technology and security. We focus on IT applications and infrastructure so you can continue to enhance your healthcare services.