Posted on April 17, 2017

As a Trojan, ransomware has been around for a long time. Cybercriminals typically targeted the average user with this nasty malware, and because they had such a great level of success, they decided to change their tactics and attack the one industry that they knew was most vulnerable: hospitals and clinics.

Unlike other types of system breaches, ransomware takes advantage of the ‘human element’. It is typically delivered via an email attachment, a phishing link, or even a tile on a website. Once the attachment is opened or the link is clicked, the Trojan is downloaded. It functions by changing all of the critical file and folder names without the individual user being aware of it, and then seeks out any networks that the device is attached to and does the same there. In essence, it locks everyone out of the system and then displays a screen announcement demanding a ‘ransom Bitcoin dollar payment’ for the unlock code.

What makes the medical industry the perfect target? The absolute life-and-death requirement for patient data access. When staff are locked out, patients can be at risk. Cybercriminals are aware of this and assume that whatever dollar demands they make will be paid. This change in approach escalated the previous individual-user demand of $300-$500 to institutional demands of $15,000-$20,000.

As per an article in “If you have patients, you are going to panic way quicker than if you are selling sheet metal,” says Stu Sjouwerman, CEO of the security firm KnowBe4. Hospitals are a good target for another reason as well: they “have not trained their employees on security awareness … and hospitals don’t focus on cybersecurity in general,” he says. Instead, their primary concern is HIPAA compliance, ensuring that employees meet the federal requirements for protecting patient privacy.”

How bad has this scourge been in the medical industry? Thus far, hospitals and clinics around the country have been hit, including Hollywood Presbyterian Medical Center in Los Angeles, CA; Methodist Hospital in Henderson, KY; and MedStar Health, which has ten hospitals and more than 250 out-patient clinics in the Maryland/Washington, DC area; and the list goes on. The most commonly successful delivery method that the criminals use is an email attachment (typically an Adobe PDF) that seems to be sent from a familiar company or organization.

The cybercriminals have made an incredible volume of profit. However, the situation has become so dire that the FBI and other government agencies have been brought in to investigate. Some of the cybercriminals have collected the ransom money without providing the unlock code, and officials are now advising the medical industry to refuse to pay.

The best way to help avoid this type of breach is to bring a specialist security company on board to advise staff, and to establish an open communication policy so that employees know they can report a personal mistake without repercussions.