The health care industry needs to proactively respond to an emerging data security threat. Hackers are not only stealing personal information from health care organizations for resale but are also beginning to shut down health care organizations’ operations using ransomware.
Ransomware is a type of malware that encrypts the data on a victim’s computers and network until the victim pays a ransom. A ransomware attack is perpetrated by a hacker deceiving an individual within an organization into running malicious software containing the ransomware. Typically, ransomware, like other types of malicious code, infects a computer through a phishing attack: an email sent by a hacker that is designed to trick users into clicking a link or opening an attachment that runs the malicious code. If the ransomware is opened and able to operate, it will encrypt the data that it is able to access, including, potentially, data stored in the cloud. Encryption essentially makes the data worthless to the victim because, in general, the only way to make use of the data is by decrypting it with a key. This is where the ransom comes in. Once ransomware has encrypted a victim’s data, there will be instructions on how the victim can pay the hacker in bitcoin, a virtual currency, to receive the key necessary for decryption.
Health Care Organizations are Targeted for Ransomware Attacks
Although all organizations are potential targets for ransomware attacks, health care organizations have been particularly targeted during the past few months. In February, a hospital in California was the victim of a ransomware attack and paid $17,000 to the hacker to regain access to its systems. While that attack was notable for the amount paid, it is hardly an isolated case. Many other health care providers have been the target of similar attacks.
Health care organizations are an attractive target for ransomware because an attack can, at best, create substantial operational problems for providing medical care while the organization reinstates data from backups and, at worst, bring health care providers to a standstill. Impairing an organization’s ability to access medical data and provide health care services creates a strong incentive for the victim to pay the ransom.
Taking Action: Planning for the Attack and Response
Ransomware attacks have become a profitable business model for criminals, and it is likely that the prevalence of such attacks will continue to grow. Organizations should operate under the assumption that they will be the target of a ransomware attack.
Health care organizations should take the following actions to reduce the risk of becoming a victim of a ransomware attack and to be prepared for how to respond if they do suffer an attack:
If you have any questions, please feel free to contact Jennifer Adams.