Ransomware has dealt heavy blows to healthcare organizations in the past several years as it has increased in frequency. The Ponemon Institute even ranked it among the top threats facing healthcare. Not only is ransomware financially damaging, but the situation also becomes especially precarious in the healthcare industry because lives, in addition to data, could be at risk.
Paying ransomware fees has become a controversial topic within the security industry. A hospital can choose to pay the ransom to restore its systems and provide its patients the care they need. For example, in early February, ransomware locked access to the computer systems of the Hollywood Presbyterian Medical Center (HPMC). In order to regain access to their systems, the HPMC CEO decided to pay the 40-bitcoin ($17,000) ransom.
As ransomware continues to strike, some believe paying is the right decision; others feel that by giving in to ransom demands, institutions merely invite more extortionists to attack. In some instances, not paying the ransom could pose severe health risks for patients (e.g., locked access to medical devices). Sean Mason, director of threat management and incident response at Cisco Security Services, states that this situation is an exception: “If there is an impact to human life, that’s a no brainer. You pay the ransom.”
On the other hand, when data and system access are the main variables at risk, there is no evidence that paying the fee means organizations will get their data unlocked or that the criminals will not try to extort even more money. According to security pros at CSO, “Ransomware criminals prey on the fear of their victims whether the ransomware impacts patient health or shareholder profit . . . which is why paying should be a last resort.” Instead, healthcare organizations should prepare themselves for an imminent attack so they are well placed to recover and move on.
Rather than succumb to fear and coercion, healthcare organizations and other enterprises need more situational awareness. Understanding how ransomware infects a computer system is critical to preventing attacks, or to minimizing the damage in the event of one.
Ransomware can infect a system in many different ways, but phishing emails are the primary method for distributing it. One study showed that 93% of phishing emails contained ransomware. As with all types of phishing emails, attackers attempt to trick the recipient into clicking an embedded URL or opening an attachment that downloads the ransomware onto the computer.
Educate healthcare personnel to be wary of attachments and links contained within any email, but especially emails from unknown senders. Users should verify that URLs are legitimate before clicking on links. Ongoing awareness training can keep cybersecurity on employees’ minds and help them establish safe email habits.
Endpoint security, such as robust anti-malware/anti-virus software, can go a long way toward stopping a ransomware attack before it starts. The best option is software that runs in real time, scanning new emails and attachments as they are opened, rather than software that must be run manually to scan. Because malware authors are constantly creating new variations, it is imperative that anti-virus software updates its detection database frequently.
Backing up computers can help minimize the damage of a ransomware attack. This can be done using an external hard drive. However, ransomware encrypts every drive it can reach, including connected external ones, so an external hard drive should be disconnected after each backup. Another option is to employ a cloud provider to back up the system, preferably one that keeps versioned copies, since a sync client that mirrors every change will replicate the encrypted files as well.
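The backup advice above only helps if the backup copy is known to be intact when it is needed. The following script is an added example, not code from the article or from any vendor it mentions: it records a manifest (SHA-256 and byte entropy) of a backup tree at backup time and later verifies the tree against that manifest, flagging the pattern ransomware leaves behind (a large share of files missing or rewritten, with the new content near-random). The file names, thresholds and the simulated "encryption" in `demo()` are constructed for the example.

```python
"""Verify a backup tree against a manifest and flag ransomware-like mass changes.

Added example (not from the article). Keep the manifest with the backup on the
disconnected drive or in versioned cloud storage, never only on the host being
backed up.
"""
import hashlib
import math
import os
import tempfile
from collections import Counter
from pathlib import Path

# Thresholds are assumptions for this example, not figures from the article.
ENTROPY_THRESHOLD = 7.0        # bits/byte; text sits well below, ciphertext near 8
CHANGED_RATIO_THRESHOLD = 0.5  # flag when more than half of the manifest changed


def sha256_file(path: Path) -> str:
    """Stream the file through SHA-256 so large backups do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for empty or single-valued input, 8.0 for uniform bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def build_manifest(root: Path) -> dict:
    """Map each file (path relative to root) to its hash and entropy."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            manifest[rel] = {"sha256": sha256_file(p),
                             "entropy": round(shannon_entropy(p.read_bytes()), 3)}
    return manifest


def verify_backup(manifest: dict, root: Path) -> dict:
    """Compare the tree under root with a saved manifest and summarise the delta."""
    current = build_manifest(root)
    missing = sorted(set(manifest) - set(current))
    added = sorted(set(current) - set(manifest))
    modified = sorted(k for k in manifest
                      if k in current and current[k]["sha256"] != manifest[k]["sha256"])
    # New or rewritten files whose bytes look random are the encryption signature.
    high_entropy = sorted(k for k in added + modified
                          if current[k]["entropy"] >= ENTROPY_THRESHOLD)
    ratio = (len(missing) + len(modified)) / len(manifest) if manifest else 0.0
    suspicious = ratio > CHANGED_RATIO_THRESHOLD and bool(high_entropy)
    return {"missing": missing, "added": added, "modified": modified,
            "high_entropy": high_entropy, "changed_ratio": round(ratio, 3),
            "suspicious": suspicious}


def demo() -> tuple:
    """Constructed scenario: record a manifest, then simulate ransomware rewriting the tree."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for i in range(4):  # constructed sample files, not real records
            (root / f"record{i}.txt").write_text(f"patient record {i}\n" * 50)
        manifest = build_manifest(root)
        clean = verify_backup(manifest, root)  # nothing has changed yet
        for p in root.glob("record*.txt"):     # simulate encrypt-and-rename
            p.with_suffix(".locked").write_bytes(os.urandom(4096))
            p.unlink()
        hit = verify_backup(manifest, root)
        return clean, hit


if __name__ == "__main__":
    clean, hit = demo()
    print("before:", clean)
    print("after :", hit)
```

Run the verification from the backup host, not from the machine being protected, and treat a `suspicious` result as a reason to keep that backup copy offline until it has been inspected rather than restoring over it.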
Ransomware, and other malware in general, will only pose bigger risks as the threat landscape continues to broaden alongside technology. Healthcare organizations and other enterprises must first understand the consequences of ransomware and ransom fees, and then establish a plan that includes employee education, best security practices, and regular computer backups in order to spot ransomware before it hits and better protect patients and valuable data overall.