Preventing Ransomware Attacks from Infecting Your Hospital
At the start of his shift, the hospital IT Director takes a sip of coffee and fires up his computer as he gets organized for the day. His team is in the middle of handling a major update, and he is anxious to ensure everything goes smoothly. But instead of a start-up screen, he sees a message.
The hospital’s computer systems have been hacked. Pay up within 7 days to get the key to release your files. If you do not pay, you will permanently lose access to your files.
Without access to the hospital’s electronic health records, medical teams will have to rely on paper charts and patient memories for clinical decisions, and the financial and operations teams will come to a screeching halt as resources are diverted to manage this crisis.
He rushes to huddle his team together to craft a plan of attack that will restore access to hospital data as quickly as possible. The well-being of patients could be at stake.
It sounds like the plot of a straight-to-television film, but ransomware threats to hospitals and patients are very real, very serious, and becoming more common.
Hospitals are targeted by ransomware attacks more often than any other type of business. In fact, 88 percent of ransomware attacks are directed at hospitals, according to Solutionary, an NTT Group security company.
So what is ransomware, anyway? And what can hospitals do to protect themselves from attack?
Why Is Ransomware Such a Threat to Hospitals?
More and more, hackers are using malicious software (malware) to infiltrate hospital systems, lock or encrypt the facility’s files—including patient health records and financial information—and hold them hostage. Hospitals are instructed to pay a ransom in cryptocurrency such as Bitcoin, often worth thousands of dollars, in exchange for the key to release the data. WannaCry and Petya are well-known recent examples of this.
While some hackers exploit lax cybersecurity practices at hospitals to plant ransomware on their own, employees are often an easy access point through email phishing scams. A recent study showed that 78 percent of healthcare employees lacked proper cybersecurity training and awareness.
Why are hospitals such a hot target for ransomware? There are a few reasons:
- Personal health information is extremely valuable on the black market—worth 10 times the value of credit card information, according to the FBI.
- Whether through a lack of resources or expertise, healthcare facilities spend less on cybersecurity technology and training than other industries.
- Hospitals typically use several electronic systems and medical devices, providing multiple entry points for cybercriminals. Some facilities have legacy technology that isn’t easily protected.
- Against most law enforcement advice, hospitals may be more likely to pay ransoms quickly to restore access to critical information in an effort to protect their patients.
The fallout from a hospital data breach can be significant, including potentially serious effects for patients, financial and legal repercussions, operational expenses, and reputation damage. The cost of a data breach for healthcare facilities is about $408 per patient record, according to a new Ponemon Cost of a Data Breach Report.
Between April and June 2018 alone, the Protenus Breach Barometer reported that more than 3.14 million healthcare records were exposed by data breaches at just 142 hospitals. Do the math per hospital, and it quickly adds up to millions of dollars in costs.
In addition, patient attrition is a major concern: more than half of hospital patients would switch providers following a data breach, says a survey from TransUnion Healthcare.
Get Ahead of Ransomware Attacks with Preventive Techniques
The good news is, hospitals can take steps to prevent ransomware attacks. Todd Williams, MEDHOST Manager of Security Operations, advises two things: better employee cybersecurity training, and a layered approach to security in which logical safeguards, together with end-user and access-point protections, remain in place when physical safeguards fail.
After all, 75 percent of cybersecurity incidents stem from accidental insider threats. In fact, HIMSS Analytics reports that email is by far the No. 1 culprit for ransomware attacks.
Teach employees to avoid becoming “patient zero” in a data breach by thinking before they click. Train them to recognize dubious emails, hyperlinks, or attachments; never to use hospital computers for personal reasons; and to report phishing or suspicious activity immediately. Read more about how cybersecurity is a social responsibility here.
In addition to regular training for employees, hospitals should implement additional cybersecurity practices:
- Secure hospital email with filters and antivirus software.
- Limit access to dangerous websites.
- Implement multi-factor authentication so that a stolen or phished password alone is not enough to gain access.
- Leverage next-generation firewalls, anomaly detection systems, identity management solutions, and other technology.
- Maintain and test backups regularly.
- Patch software and run updates promptly.
- Review cybersecurity policies and procedures regularly.
- Alert employees to known and common phishing attempts.
- Leverage the help of a cybersecurity partner to expand and strengthen resources.
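The training paragraph above and the first list item both come down to the same question: what does a "dubious" email actually look like, and which of its traits can a filter check before a person ever clicks? The script below is an added example written for this article, not a MEDHOST tool or part of the MEDHOST security stack. It parses a raw message with Python's standard library and scores a handful of common phishing indicators: a Reply-To domain that differs from the From domain, a display name that imitates the hospital's own domain, failed SPF/DKIM/DMARC results, risky attachment types, links whose visible URL differs from the real target, and urgency language. The internal domain `hospital.example`, the two sample messages, the extension list and the urgency phrases are all constructed for illustration; a production filter would run at the mail gateway and use vendor threat intelligence rather than fixed lists.

```python
"""Heuristic phishing triage (added example; not MEDHOST code).

Assumptions: the internal domain 'hospital.example', both sample messages,
and the indicator lists below are constructed for this illustration.
"""
import email
import email.utils
import re
from email import policy
from urllib.parse import urlparse

# File types that commonly carry ransomware droppers (illustrative list).
RISKY_EXTENSIONS = {".exe", ".js", ".vbs", ".scr", ".hta", ".docm", ".xlsm", ".iso", ".lnk"}
# Pressure phrases typical of credential-phishing lures (illustrative list).
URGENCY_PHRASES = ("urgent", "immediately", "verify your account", "password expires")


def _domain(header_value: str) -> str:
    """Lower-cased domain of an address header such as 'Name <user@host>'."""
    _, addr = email.utils.parseaddr(str(header_value))
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _link_mismatches(html: str) -> list:
    """Anchors whose visible URL names a different host than the real href."""
    found = []
    for href, text in re.findall(r'<a[^>]+href="([^"]+)"[^>]*>(.*?)</a>', html, flags=re.I | re.S):
        shown = re.search(r'https?://[^\s<"]+', text)
        if shown and urlparse(shown.group(0)).hostname != urlparse(href).hostname:
            found.append((shown.group(0), href))
    return found


def triage(raw_message: str, internal_domain: str) -> dict:
    """Score one RFC 5322 message; return a verdict plus the indicators hit."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    findings = []

    from_domain = _domain(msg.get("From", ""))
    reply_domain = _domain(msg.get("Reply-To", ""))
    if reply_domain and reply_domain != from_domain:
        findings.append(f"Reply-To domain {reply_domain} differs from From domain {from_domain}")

    display_name = email.utils.parseaddr(str(msg.get("From", "")))[0].lower()
    if internal_domain in display_name and from_domain != internal_domain:
        findings.append("display name impersonates the internal domain")

    auth = str(msg.get("Authentication-Results", "")).lower()
    if any(f"{k}=fail" in auth for k in ("spf", "dkim", "dmarc")):
        findings.append("sender authentication failed (SPF/DKIM/DMARC)")

    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if any(name.endswith(ext) for ext in RISKY_EXTENSIONS):
            findings.append(f"risky attachment type: {name}")

    body = msg.get_body(preferencelist=("html", "plain"))
    text = body.get_content() if body else ""
    for shown, href in _link_mismatches(text):
        findings.append(f"link text {shown} hides real target {href}")
    if any(p in text.lower() for p in URGENCY_PHRASES):
        findings.append("urgency language in body")

    # Two or more independent indicators is enough to hold the message for review.
    verdict = "quarantine" if len(findings) >= 2 else "flag" if findings else "deliver"
    return {"verdict": verdict, "findings": findings}


# Constructed sample: a lookalike-domain credential lure with an executable attached.
SAMPLE_PHISH = """\
From: "IT Helpdesk hospital.example" <helpdesk@hospital-example.com>
Reply-To: collect@mailer.example.net
To: nurse@hospital.example
Subject: URGENT: password expires today
Authentication-Results: mx.hospital.example; spf=fail smtp.mailfrom=hospital-example.com; dmarc=fail
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/html; charset="utf-8"

<p>Your password expires today. Verify immediately at
<a href="http://login.hospital-example.com/reset">https://portal.hospital.example/reset</a></p>
--b1
Content-Type: application/octet-stream; name="reset_tool.exe"
Content-Disposition: attachment; filename="reset_tool.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA//8AAA==
--b1--
"""

# Constructed sample: an ordinary internal notice that should pass untouched.
SAMPLE_LEGIT = """\
From: Pharmacy <pharmacy@hospital.example>
To: nurse@hospital.example
Subject: Updated formulary for Q3
Authentication-Results: mx.hospital.example; spf=pass; dkim=pass; dmarc=pass
Content-Type: text/plain; charset="utf-8"

The updated formulary is posted on the intranet.
"""

if __name__ == "__main__":
    for label, raw in (("phish", SAMPLE_PHISH), ("legit", SAMPLE_LEGIT)):
        print(label, triage(raw, "hospital.example"))
```

The threshold of two indicators is a deliberate design choice: any single heuristic (urgency wording, a mismatched Reply-To) produces false positives on legitimate hospital traffic, but several of them together on one message rarely do. The constructed phishing sample trips all six checks and is quarantined; the constructed pharmacy notice trips none and is delivered. The same list of findings is what a security team would show staff in awareness training, since it makes concrete what "think before you click" means.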
Enlist Proactive Cybersecurity Support
The Protenus Breach Barometer showed that for hospital teams responsible for responding to insider threats, one investigator monitors an average of nearly 4,000 employees across 2.5 hospitals. For many hospitals, including small or rural facilities, having the support of a partner like MEDHOST is critical.
Hospitals leveraging extensive automated security technology saved more than $1.5 million on the total cost of a data breach, according to the Ponemon report. And the quicker the data breach resolution, the lower the cost as well.
At MEDHOST, security is paramount, so there is no sliding scale on our security services. It’s part of the package. Everything we do for our customers, we also do for ourselves: the same tools, the same policies to monitor, audit, and alert us to data access anomalies with behavioral analytics against structured and unstructured data.
Here is a snapshot of the efforts we put in to protect our customers and ourselves from cyberattacks:
- 3 million emails blocked annually to @medhost.com addresses
- 35,000 intrusion events blocked annually
- 105,000 blocked web events annually (malware and content filtering)
- 525,000 blocked/dropped from threat feeds annually
- 15,000 command-and-control (CnC), malware, and phishing attempts prevented monthly
- 385 indicators of compromise found on prospective clients from 2017
Visit the MEDHOST Direct page for more information.