Ransomware. It’s a term that has grown far too popular in hospitals across the country, with over 88% of all ransomware attacks targeting the healthcare sector (1). By October of 2016, 14 hospitals from coast to coast, from Hollywood Presbyterian to MedStar Health in Washington DC and over a dozen in between were hit by ransomware.
Ransomware is exactly what it sounds like–it’s malicious software that encrypts files and holds them for ransom. Hospitals in particular are the most vulnerable targets not only because ransomware can prevent them from accessing any of their files but also because access to medical devices connected to their network can also be restricted.
The encryption is indecipherable and needs a key to be decrypted. In order to regain access to their files, MedStar received a demand for 45 Bitcoins (the equivalent of $19,000) payable to the criminals who held the key to decrypt the files (1).
By demanding cryptocurrency payments from the hospitals, the hacker remains anonymous. Not surprisingly, though, since these are criminals, the exchange of payment does not negate the potential of a future attack, nor does it guarantee that the criminal is no longer able to gain access to the victim’s files or other areas of the network.
Delivered through SPAM or phishing expeditions, the ransomware is hidden in a link or an attachment that appears to be legitimate. Once a single user clicks, the files in that one workstation are encrypted, but the damage can be far more extensive. The malicious software can hijack all of the organization’s files, wreaking complete and utter havoc, as was the case in 2016 for Methodist Hospital in Kentucky, which remained compromised for five days (2).
It doesn’t take very long for the payload to be delivered, at which point the user will see a lock screen alerting them to the fact that their files are now encrypted. The alert will also inform them of the timeline in which they need to pay the fee and give directions on how to purchase the Bitcoin–or other form of cryptocurrency.
Usually, the fee is only a few hundred dollars–minimal enough that the victims are willing to pay, especially since there is the additional threat of an increased charge should they not pay by the deadline. Yet, Hollywood Presbyterian, after being knocked offline for over a week, ended up paying $17,000 in ransom fees (3).
A lucrative crime that is widely successful, ransomware relies on the predictability of human behavior. The criminals understand what motivates end users to click. Through social engineering techniques, the “bad actors” are often able to develop personal relationships with their targets, pretending to be vendors or other third party affiliates.
Perhaps they share a document, PDF, or a link to a website. Whatever it is, they have most likely preceded the delivery of the malicious software with some former communication. By convincing the recipient that the content is safe, they are almost guaranteed success. Once the end user clicks on the link, the payload is delivered, the files encrypted, and access to data is denied.
The attacks are targeted and intended to be harmful. The goal is to make money, and the criminals are earning a lot, having cost hospitals and the healthcare industry hundreds of thousands of dollars last year alone. The issue with ransomware is that while the files are encrypted, business as usual is compromised at best, impossible at worst.
And a primary concern across the healthcare sector is that if business as usual becomes impossible, lives could be at stake. That’s why hospitals have been such a prime target. Malicious actors prey on the fear inherent in human nature. While risks to patient health might not be a realistic probability, few want to gamble with its possibility.
Certainly some sectors are higher targets than others, but no one is without risk of being a victim. As threats continue to evolve, so too will the things that are held for ransom change. A top concern in 2016 was patient data, but as more medical devices are connected to the internet, there is a greater potential of risks to patient health. Since personal medical data provides valuable information for hackers, reports show ransomware attacks on the healthcare segment will continue to grow in 2017 (4).
Want to learn more about ransomware, how to protect your hospital from a cyber attack, and what to do in case of an attack? Download our ransomware brief, “How to Prevent Ransomware Attacks in Healthcare – And Respond if You Are Under Attack,” today.
Practice Director – G Suite / Cloud Search / Workplace
 Davis, Jessica. “Ransomware: See the 14 hospitals attacked so far in 2016.” October 5, 2016. http://www.healthcareitnews.com/slideshow/ransomware-see-hospitals-hit-2016?page=1
 Pagliery, Jose. “U.S. hospitals are getting hit by hackers.” March 28, 2016. http://money.cnn.com/2016/03/23/technology/hospital-ransomware/
 Winton, Richard. Hollywood hospital pays $17,000 in bitcoin to hackers; FBI investigating.” February 18, 2016. http://www.latimes.com/business/technology/la-me-ln-hollywood-hospital-bitcoin-20160217-story.html
 Conn, Joseph. “Report predicts more healthcare cyber and ransomware attacks in 2017.” December 2, 2016. http://www.modernhealthcare.com/article/20161202/NEWS/161209980