Last year we reported the disturbing rise of ransomware in healthcare, specifically within ASCs as well as explaining how employees are used as targets for identity theft. Organizations have been victimized by hackers who steal patient identities and disable access to key patient treatment and status records until ransom demands are met.
While it sounds like something out of a dramatic cinematic film, ransomware is very much a harsh reality. Traditional technology networks are vulnerable and lucrative to attacks. Small to medium-size health care facilities are marked as primary ransomware targets because their security infrastructure is often lacking.
Ransomware attacks have infested healthcare organizations for years. In 2017, the WannaCry ransomware targeted medical devices and caused extensive problems for healthcare companies. Earlier this year, SamSam ransomeware hit a number of healthcare organizations.
Ransomware attacks obviously concern healthcare IT professionals. According to a survey by security firm Imperva, a ransomware attack is the type of cyberattack that most worries healthcare IT professionals. Almost 10 percent of those surveyed had paid a ransom or extortion fee, while almost half didn’t know if they had paid a ransom or not. More than one-third of healthcare organizations have suffered a cyberattack within the last year, the survey found.
Cyberattackers continue targeting healthcare organizations to obtain medical records in order to sell patients’ information. Imperva’s CTO Terry Ray explains, “There have been a number of incidents recently where cybercrime has impacted hospitals and left them unable to access patient data, which demonstrates the consequences of a successful attack. It is crucial that healthcare organizations take steps to protect their data.”
The Good News for 2018
Even with some well-publicized ransomware attacks against healthcare organizations this year, healthcare ransomware attacks are on the decline, according to the latest analysis by cybersecurity firm Cryptonite.
The number of healthcare ransomware attacks decreased 57 percent in the first half of 2018 compared to the same period in 2017. There were only 8 ransomware events in the 2018 first half, while there were 19 ransomware events in the 2017 first half, according Cryptonite’s analysis of data.
The Bad News for 2018
Criminals have come up with even more clever ways to get what they want.
“While 1st half 2018 shows a downtrend in the successful use of ransomware, we expect cyber criminals to continue to adjust their attack techniques to successfully targeting the IoT devices, medical devices, and mobile devices for the continued compromise of healthcare networks,” commented Cryptonite President and CEO Michael Simon.
Over the last few months, cybercriminals have begun using the innovative GrandCrab ransomware for their ransomware attacks, according to Fortinet’s Threat Landscape Report Q2 2018. GrandCrab is the first ransomware to accept Dash cryptocurrency and to be based on a ransomware-as-a-service model that shares profits between malware developers and cybercriminals.
In the first half of 2018, cryptocurrency miners accounted for 32 percent of attacks while ransomware only accounted for 8 percent of attacks, according to Skybox Research Lab’s security analysts. In the second half of 2017, ransomware accounted for 32 percent of attacks, while cryptocurrency miners accounted for only 7 percent.
While not as destructive as ransomware, cryptocurrency miners can still significantly degrade a healthcare organization’s IT infrastructure because of their skills required to mine for cryptocurrency.
Here are a few advantages to cryptocurrency mining over ransomware for cybercriminals:
- The victim does not need to be informed of the attack, so it can continue indefinitely in a sly manner
- Cryptocurrency can be mined over longer periods of time, vs. the cybercriminal receiving one lump-sum ransom payment
- No decision on payment is needed from the victim—the attacker controls how much money will be produced
Securing Healthcare’s Cyberspace
Ransomware received a lot of attention in years past. To an extent, companies paid attention and put effective precautions in place, establishing reliable back-ups and even derailing attackers with decryption strategies. In turn, cybercriminals found—in cryptomining—a path of lesser resistance. The recent increase in value of cryptocurrencies has made this an extremely profitable attack alternative.
It is critical that healthcare organizations put measures in place to protect their sensitive data. To lessen the risk, organizations should ask themselves where their sensitive data is stored and invest in protecting it. Businesses can implement solutions based on machine learning technology to process and analyze infinite amounts of data. This process will help identify crucial anomalies that indicate misuse of data to quickly quarantine risky users and prevent any additional issues.