Client Alerts

Ransomware in Health Care: The Emerging Threat

About: Cybersecurity & Privacy, Health Care

The health care industry needs to proactively respond to an emerging data security threat. Hackers are not only stealing personal information from health care organizations for resale but are also beginning to shut down health care organizations’ operations using ransomware.

Ransomware is a type of malware that encrypts a victim’s data on its computers and network and holds it hostage until the victim pays a ransom. A ransomware attack is perpetrated by a hacker deceiving an individual within an organization into running malicious software containing the ransomware. Typically ransomware, like other types of malicious code, infects a computer through a phishing attack: an email sent by a hacker that is designed to trick users into clicking a link or opening an attachment that runs the malicious code. If the ransomware is opened and able to operate, it will encrypt the data that it is able to access, including, potentially, data stored in the cloud. Encryption essentially makes data worthless because, in general, the only way to make use of encrypted data is to decrypt it with a key. This is where the ransom comes in. Once ransomware has encrypted a victim’s data, it displays instructions on how the victim can pay the hacker in bitcoin, a virtual currency, to receive the key necessary for decryption.

Health Care Organizations are Targeted for Ransomware Attacks

Although all organizations are potential targets for ransomware attacks, health care organizations have been particularly targeted during the past few months. In February, a hospital in California was the victim of a ransomware attack and paid $17,000 to the hacker to regain access to its systems. While that attack was notable for the amount paid, it is hardly an isolated case. Many other health care providers have been the target of similar attacks.

Health care organizations are an attractive target for ransomware because, at best, an attack creates substantial operational problems for providing medical care while the organization reinstates data from backups and, at worst, it can bring health care providers to a standstill. Impairing an organization’s ability to access medical data and provide health care services creates a strong incentive for the victim to pay the ransom.

Taking Action: Planning for the Attack and Response

Ransomware attacks have become a profitable business model for criminals, and it is likely that the prevalence of such attacks will continue to grow. Organizations should operate under the assumption that they will be the target of a ransomware attack.

Health care organizations should take the following actions to reduce the risk of becoming a victim of a ransomware attack and to be prepared for how to respond if they do suffer an attack:

  1. Perform regular backups of data, test the backup restoration process to ensure that backups can be reinstated in a timely manner, and confirm that the corporate backup plan details the response process. The backups should be segregated from the computer system in a manner that will prevent the backup data from being encrypted by the same ransomware.
  2. Negotiate contractual provisions with third parties storing data that include provisions related to antivirus protections, notification of a ransomware attack, and other security measures designed to prevent a ransomware attack.
  3. Ensure that software is patched on a regular basis to protect the organization from known vulnerabilities.
  4. Develop relationships with law enforcement officials, such as contacts within the Federal Bureau of Investigation, who may be important in the event of a breach.
  5. Train employees on phishing attacks to reduce the risk that an employee clicks on a link or opens an attachment that includes ransomware.

If you have any questions, please feel free to contact Jennifer Adams.