Thursday, August 4, 2016 8:00 PM

Healthcare — today's biggest ransomware target

Written by Frank Mclaughlin, Chair of NCHICA’s Privacy and Security Workgroup and Director of Professional Services at Virtue Security

It's no surprise to me that healthcare is now a prime target of cyber-criminals using ransomware to extort money. They want to go after a business that cannot function without access to its data, and that's definitely healthcare. As you can imagine, not having access to your patient data can cripple your delivery of quality care.

These criminals lock or encrypt your healthcare data until you pay a huge ransom.

In April of 2016, Healthcare IT News reported, "Two more hospitals struck by ransomware, in California and Indiana." They go on to state, "The steady drumbeat of ransomware attacks continued this past week with new reports of two hospitals forced to fight off malware that froze IT systems."

Also in April, MedStar, the parent company of Baltimore's Union Memorial Hospital, experienced an attack by ransomware called Samsam. This malware exploits well-known vulnerabilities in the JBoss application server and other Java-based application platforms. These attacks target the server itself.

Ransomware often starts with an employee opening a single file that unleashes a virus that shuts down the entire system. But ransomware can be activated in a number of ways, including infected downloads, phishing scams, and email attachments containing malware.

In my experience, the best way to prevent malware from getting into your EHR is by educating your staff on how to spot and avoid activities that could lead to infections.

These stories of hospitals that have been hit indicate that the most common tactic for dealing with an attack is to wipe the entire system, then restore it from a secure backup. This approach allows you to avoid paying a ransom that, in the end, may or may not result in the system and its data being unlocked.

Backing up your system is a smart approach for protecting your healthcare data. During the wipe and restoration process, however, the data is still inaccessible. Care cannot stop while your EHR is down, and lack of access to patient data could be life-threatening to some of your patients.

It's important for you to have a way to access patient data, from the moment of the attack until the full restoration process is complete and operable.

On Thursday, August 18, 2016, from 12:00 to 12:30 p.m. Eastern Time, I will be presenting a webinar on "How to Limit Patient Risk During a Ransomware Attack." I’ll be speaking on the webinar with my friend Mark Johnson, MHA, RN-BC, CPH, IMS, Senior Director of IatriConnect Solutions at Iatric Systems.

You can register for this webinar here now. Mark and I will be presenting the three keys to protecting your patients and your hospital during a ransomware attack. We'll talk more about the threat itself, how your hospital can assess its risks and develop an impact analysis, and how to keep your data accessible even as you're restoring your system. I hope you'll join us for this important presentation.