
The Ransomware Assault on Healthcare

June 12, 2017

Hospital networks can unfortunately become a goldmine for attackers who use ransomware worms as their weapon. If ransomware is deployed, lives may be endangered, the hospital usually must pay the ransom or pay to get its files retrieved, and its reputation could be damaged. Because these attacks are increasing due to their lucrative benefits, teaching and reminding hospital staff to practice good cyber hygiene is imperative.

According to Microsoft, 500 million tainted emails are sent out a quarter, all with improved malicious threats. Usernames, passwords and email addresses are all coveted information, which continually drives the loss of personal data to the dark web and, in this case, an increase in monetary funds. Cyber-attacks cannot be completely eradicated, but with a network action plan, attacks can be mitigated.

Attacks happen often. Here’s how

There is a multitude of ways that computer networks and PCs can become compromised. Once the ransomware encrypts your files, it spreads to any vulnerable PC on the same local network, creating damage as it spreads.

Hospital staff can download malicious code in various ways. Whether it’s through spam emails with bad links and attachments or malicious code within web pages, infections can decrease radically if staff are more vigilant.

Ransomware is on my computer. Now what?

The ransomware spreads from one computer to another by seeking out security vulnerabilities in the software. Sophisticated versions can even jump between computers on your network without you knowing. To learn more about this process, examine ransomware case studies, and find new technologies implemented in healthcare networks across the country, view our webinar here.

Protecting a hospital network and, what’s most important, its patients

  • Update your devices, including the latest security updates. It is hard to stay protected from new attacks if the most recent security patches aren’t in place.
  • Back up the data to an external hard drive and keep this offline until needed. Maintain hard copies of patient records as well.
  • The email password credentials of your employees can be stolen due to password reuse. If a bad actor successfully accesses an email account, numerous things can ensue:
    • Through social engineering efforts, an attack vector, or ransomware in this case, can be sent to people on contact lists. Because the email is from a trusted source, some people will click on the link or attachment, which can cause more data loss. Employees need to be cognizant of email wording and context.
    • Information about the network can be gathered without any detection.
    • Passwords can be found that will compromise other accounts.
  • Never open emails from unknown senders or spam emails, and if such an email is opened, do not click on a link or download a file.
  • Do not click on pop-up advertising, even if you’re clicking cancel on the ad itself.
  • Monitor the Dark Web to identify any of your missing data that can be used against you.

As the frequency of data breaches continues to increase, how would it affect medical records and patients? Let us know your thoughts. Tweet us at @ID_Agent!