Ransomware In The Healthcare Industry

In 2019, the healthcare industry took some big cybersecurity hits, including significant data breaches and some high-profile ransomware attacks. The American Medical Collection Agency data breach dominated 2019, affecting more than 25 million patients, and ransomware made a strong comeback, recently forcing three hospitals to shut down. Whichever way you look at it, cybersecurity has become an enormous issue for the healthcare industry, with ransomware rapidly becoming the number one threat.

Data Security Is Key

Patients and providers need reassurance that the tools and technologies they rely on daily are as secure as they can possibly be, and that their data will not fall into the hands of hackers or become encrypted by ransomware. That crucial data must always be kept secure, no matter the circumstances, which is no easy feat for even the largest healthcare providers. It’s not just patients who take medical data security seriously, either. Industry regulators and the government impose strict regulations on healthcare data and healthcare providers need to balance those with the need for data sharing.

With a number of different government agencies imposing strict data security standards, new healthcare products, tools, and services must be built with cybersecurity in mind and engineered to withstand cyberattacks and ransomware.

Part of this is a demand for a hefty risk assessment and a compulsory adherence to cybersecurity-first processes and practices. If you are a healthcare provider struggling with cybersecurity, here is Digital Hands’ advice for making your healthcare organization a safer and more cyber-secure place. 

Make Specific People Responsible For Product Cybersecurity 

If you have the resources, build a dedicated team, and make them responsible for cybersecurity. If you do not have the resources, make specific people on your team responsible for cybersecurity and let them know they own it.  That way, their priority will always be mitigating hypothetical cybersecurity incidents before they occur. They should be working out cybersecurity response plans and thinking through all of the worst-case scenarios, so when the day comes you and your people are ready.

Prepare For Ransomware

Ransomware is currently a top-three risk for healthcare providers, especially if their cybersecurity defenses are not up to scratch. An extreme example of this was a ransomware attack in 2019 on a doctor-owned medical practice in the US. When they were attacked by ransomware and refused to pay the $7000 ransom, the cybercriminals responsible for the attack destroyed all of their patient records, their financial records, and operational data. It crippled the business and forced it to close.

Even if the attackers had not destroyed the practice’s data and the practice agreed to pay the ransom, the IT team would have had to spend an enormous amount of time remediating the issue. The bill for ransomware remediations like this can easily cost hundreds of thousands of dollars depending on the severity and extent of the attack, far exceeding the cost of the actual ransom. In 2019, Erie County Medical Center in New York announced that it had cost them $10 million dollars in remediation and cleanup costs to recover from a ransomware attack on their business. 

The UK’s National Health Service was attacked by ransomware in 2018 which left them with a remediation and cleanup bill of close to $100 million dollars; it affected more than 80 hospitals around the country and impacted thousands of patients.

Hancock Health, a hospital in Indiana, paid out a ransom of $55,000 after attackers targeted the hospital's email system, electronic health records, and internal operating systems. The hackers changed thousands of file names to “I’m sorry” during their attack.

In another instance, the Kansas Heart Hospital was unable to regain access to its network after paying a $47,000 ransom in 2018. Instead, the hackers demanded another payment. This is because as well as being an extortion attempt, ransomware is a way for attackers to gain a persistent foothold in your IT systems and control your data. Many attackers simply get greedy and think that if you paid the ransom once, you are more likely to pay them more money again, making ransom payments a risky proposition.

Similarly, after a ransomware attack on the Hollywood Hospital in California, the hospital paid a $17,000 ransom to unlock their files, but critical patient care was delayed in the process and their operations were severely disrupted while the hospital worked on regaining access to their medical data and operational files. These attacks on healthcare providers are becoming much more frequent and healthcare operations across the country are increasingly finding themselves under attack from ransomware.

Few of them will close their doors because of these attacks, but the attacks cause significant damage to healthcare providers that negatively affect patient care and consumes a lot of resources while the victims recover from the attack. The attacks can jeopardize relationships with patients and also cause legal problems with regulators, meaning that even when providers recover the fall out from an attack can be lasting. 

Most ransomware attacks infect healthcare providers in the same way, the most common is through a phishing email with an attachment containing the ransomware which relies on one of your employees clicking on it. Your employees can also become infected just by looking at a website advert laden with malware (malvertising) which silently downloads the payload, so be careful which websites you browse.

Here are Digital Hands top three tips for defending against ransomware attacks.

1) Protect Against Infection - As doctors like to say, an ounce of prevention is worth a pound of cure and this doubly applies to cybersecurity. Making sure that advanced end-point protection solutions are installed and kept up to date on healthcare systems can make a lot of difference and is the first step in avoiding potential virus and malware attacks.

2) Back-Up All Data - Many ransomware attacks are so crippling because the victims have completely neglected to back up their data, making it extremely difficult to recover the data without paying the ransom. When you regularly perform backups (daily) of your data you effectively insulate yourself from ransomware and are able to refuse to pay ransoms and restore your data, it makes attacks a nuisance rather than a disaster.

3) Create A Response Plan - Every healthcare provider should have a proper incident response plan in place which informs them of the steps to take should an attack occur. The plan should contain a playbook for containing ransomware damage, restoring services and data, as well as recovering from the attack. Fail to plan means you are planning to fail as the old saying goes, a good starting point is the Computer Security Incident Handling Guide from NIST, the National Institute of Standards & Technology.

Adopt A Responsible Disclosure Strategy

Eventually, a hacker is going to find a hole in your security. This means you must develop and adopt a best practice responsible disclosure policy and make it publicly available. That way, ethical hackers and the information security community know that you are responsible when dealing with security disclosures. 

Make sure that you work with ethical hackers in good faith. They are invaluable for finding holes in your security that you never knew existed and white hat hackers regularly find holes in healthcare providers' cybersecurity defenses.