A hospital ransomware attack netted one cybercriminal gang $17,000 last week, with the ransom demand paid in the untraceable Bitcoin currency. An employee of Hollywood Presbyterian Hospital is believed to have accidentally installed the ransomware, which locked the hospital’s electronic health records for almost two weeks until the ransom was finally paid.
The ransomware was installed on February 5, 2015., locking critical files and reducing the efficiency at which medical services could be provided. Patients were still able to receive treatment, although there were reported delays in the emergency room and some patients were transferred to other facilities. Physicians were prevented from accessing the EHR system and had to log patient notes manually.
A hospital ransomware attack has potential to be far worse. In this case, some files and the EHR were locked, although attackers could potentially have done far worse. If the ransomware had managed to spread to networked medical devices, they too could have been taken out of action as well.
While data can be restored from a backup, should medical devices have critical files locked, healthcare providers may be left with no alternative but to pay the ransom to obtain the security keys to unlock their devices. The FBI has reportedly told a number of companies that they should pay the ransom to unlock files. Often there is little choice if files need to be recovered.
HIPAA covered entities should be protected against ransomware infections, as they backup all patient data. This is one way that it is possible to protect against a ransomware attack. However, the backup system will really be put to the text in the event of an attack. Some healthcare providers may find their backup systems are not nearly as good as they imagined.
If data has not been properly backed up, or if there are issues with restoring data, there will be little alternative but to pay the ransom and hope that the attackers supply the security keys as promised.
Hospital Ransomware Attack Could be the First of Many in 2016
According to research conducted by Intel Security, 3% of ransomware infections result in a ransom being paid. Research conducted by Trustwave indicates that a criminal can spend around $5,900 to conduct a ransomware campaign that lasts a month. That campaign could net the criminal around $90,000, which is a particularly good ROI.
A hospital ransomware attack used to be a rarity, but with such high returns, and ransomware campaigns getting easier to launch, it is likely that more healthcare providers will be targeted over the coming months.
Ensuring backups are made on a daily basis is one way of protecting against ransomware, but the best protection is to make sure that all members of staff are told not to click on links in emails, or open any file attachments that they are not 100% sure are genuine. Once ransomware is installed on a computer or a network, it may be impossible to remove without paying a ransom for the security key.