Hospitals hit by Ransomware

Hospitals hit by Ransomware

There are few industries that haven’t been affected by the rampant onslaught of hackers, but some have definitely been hit harder than others. Health care organizations in particular have accounted for some of the high-profile breaches of the past few years.

Most of these breaches were executed in an effort to steal protected health information that includes contact information, Social Security numbers, credit card data and other information that can be bought and sold in the Web’s darkest nooks. However, while some act as middle men. Others have an even more sinister purpose: extortion.

Downtime due to Ransomware

Medical personnel, hospital staff and patients at a prominent Medical Center in Hollywood were caught off guard by a crippling cyberattack that began on Feb. 5, 2016, and lasted for an entire week, according to NBC. CSO subsequently reported that the hospital’s computer systems were infected with malware that encrypted important data. As a result, not all patient information was accessible, and in some parts of the hospital, CT scans, lab work and other key systems were offline. It wasn’t long before the hospital declared an internal emergency. Even though patient care was reported to have been unaffected, some patients were moved to other facilities, and ambulances were directed to bring patients to nearby institutions. Because computers were down, pen and paper were used to document information, and fax machines were used for communication purposes.

From the beginning, the incident had all the markers of a ransomware attack: Hackers were known to be involved in the network shutdown, and early reports suggested that there was a ransom involved. These types of attacks rely on nasty CryptoLocker strains of malware that encrypt an organization’s data, effectively eliminating access to anyone who doesn’t have the decryption key. The hacker then demands a ransom in exchange for the key, and in many cases, the victim has little choice but to comply. According to the Los Angeles Times, the Medical Center paid the cyberattackers $17,000 in Bitcoin to get them to lift the attack.

Growing problem. Few solutions.

The Medical Center is on a long list of organizations that have fallen prey to ransomware. Researchers estimate that more than 90,000 ransomware infections occur every day, according to Forbes. Worse yet, a recent study by the Online Trust Alliance has found that ransomware is on the rise. It’s hard enough to believe that there are as many as 90,000 of these attacks every day, but the fact that this number is expected to increase is even more alarming.

The reason ransomware is so effective is because there are so few ways to remediate this type of cyberattack. Once drives have been encrypted, all company data is essentially lost if the ransom is not paid. Not to mention, there’s no guarantee that hackers will actually turn over the key upon getting the ransom. Still, organizations that value their data are all too often left only with the option of paying the desired sum and hoping for the best.

So what can be done?

Ransomware is often distributed through phishing scams, which entails luring an authorized user to a source that downloads and installs the encryption malware onto the network. Relentless vigilance as a best practice is the first preventative measure to avoid ransomware and other forms of malicious software on the Web.

Anti-executable software can also act as a preventative tool by barring unauthorized application executions on a network. In other words, malware capable of resulting in a cyber-ransom situation might never have the chance to run in the first place

Even then, there’s no failsafe to avoid being hit by malware, and when it’s encryption malware, many companies may feel backed against a wall. However, there is a way that encryption malware can be completely removed from a system, and it entails using system restore software.

Solutions such as Faronics Deep Freeze have a reboot to restore functionality, which essentially resets desired configurations on a system upon a restart. This can be useful in the event of a ransomware attack. Rather than forking over cryptocurrency, administrations can perform a complete clean sweep of their systems to rid the network of the ransomware.

Sometimes the only way to fix a problem is to erase it completely. Get a fresh start with reboot to restore software from Faronics.

Suzannah Hastings

Suzannah is interested in all things digital, from software security to the latest technological advances. She writes about ways in which the increasingly internet-driven landscape changes our lives, and what we can expect in the future.