Rise of Ransomware in Healthcare

By February 2, 2017Health

As more and more healthcare providers, anesthesiologists included, rely on online patient records and portable devices in their medical practices, the importance of understanding cyber-threats will only increase. Of particular interest is a malware called ransomware that has recently grown in popularity among cyber criminals. Its method of attack can appear alarmingly simple; once the victim opens an infected website or clicks on an infected advertisement, the malware can encrypt the files on the victim’s computer or connected digital network and render them unusable unless a ransom is paid for the data to be unencrypted. Ransomware can spread through the system at an alarming rate of less than three minutes and without the correct decryption key, the affected files may be permanently lost. While ransomware first appeared between 2005 and 2009, the recent advent of digital payment methods such as Bitcoin has allowed ransomware attacks to become more lucrative for criminals. While attacks on individuals used to focus on deception to trick victims into paying, attackers can now explicitly demand fees without fear of being tracked or identified.

Hospitals can be particularly vulnerable due to their dependence on daily access to patient records and lower focus on cybersecurity training. Publicized accounts of hospitals paying their ransoms may also contribute to their popularity as targets; in February of 2016, the Hollywood Presbyterian Medical Center in Los Angeles paid $17,000 in Bitcoin to have their access restored. A report by security company Solutionary for quarter 2 of 2016 found that 88% of ransomware detections were in the healthcare industry. Education, the second most affected industry, only accounted for 6% of detections.

Unfortunately, the number of attacks is only expected to increase as the ransomware industry continues to adapt and become harder to beat. The Los Angeles hospital was targeted using a ransomware variant called Locky, which employs phishing campaigns such as mass emails as well as network breaches to steal administrative credentials. Attacks using Locky also focus on locating the organization’s critical files; by inhibiting access to a shared server, they can bring a halt to the target organization’s activity.

In its report, Solutionary suggests that hospitals implement thorough backup and recovery processes as well as ensure that security software is up-to-date. Norton by Symantec, another security company, recommends that all users enable popup blockers and vet emails to prevent users from accidentally clicking on an infected source. In the event of ransomware infection, the company recommends victims avoid paying the criminals and also disconnect from the internet to prevent the transmission of personal information to the attackers. In the case of hospitals, the latter may entail shutting down network operations and reverting to paper records, as Medstar Health did in March 2016 in response to a suspected ransomware attack. If the ransomware variant is known, research can be done into whether there exist tools to bypass the encryption or at least mitigate the damage.

While there are methods of dealing with ransomware incidents, they can still take a toll on the hospital. Without a working patient portal, healthcare providers may find more of their time dedicated to admin tasks rather than patient care.  The best strategies may be those focused on preventative measures such as more rigorous cyber security training for employees. Examples of potential measures, adapted from those by suggested by Health Data Management, are as follows:

  • Educate the workforce on the risks of ransomware and potential sources.
  • Keep personal devices separate from the organization’s internal network to minimize security risk.
  • Create incident response protocols for cyberattacks and run drills to train workers on use of said protocols.

Hospitals should also ensure that their partners in hospital management are equally as dedicated to minimizing cybersecurity risks. Xenon Health has worked with multiple healthcare centers on enhancing their anesthesia services and understands the importance of privacy and cybersecurity to hospitals. Our overall goal is to improve the efficiency of anesthesia services as well as patient care and satisfaction and we fully embrace taking a multifaceted and technology-aware approach to achieve this goal.