How Criminals Extort Healthcare Victims With Ransomware

Healthcare organizations are not exempt from ransomware campaigns, whose operators have only gotten better at making victims pay. Cyberattacks on healthcare systems have spiked since the pandemic, threatening patient care and private data.

As we explain later in this article, all it takes is one employee falling for a fake email to deploy malicious code through a network to exploit additional weaknesses. This article will discuss the damage ransomware attacks can impose on healthcare systems, what makes healthcare an attractive target, and how healthcare administrators can protect themselves from ransomware attacks.

Why Healthcare Is A Viable Target Among Cybercriminals 

Cyberattacks on the healthcare industry have increased in recent years, with ransomware being one of the most common attacks. Some reasons for this trend include:

  • Attackers can monetize lots of valuable data: ransomware attacks on hospitals are attractive because hospitals store and process vast amounts of valuable medical data for the hospital and its patients. Additionally, a breach of medical data can be very costly if the data is sold on black markets. Therefore, victims will likely pay a lot to secure their information.
  • Industry protection loopholes leave organizations vulnerable: 89% of healthcare organizations reported at least one data breach. The healthcare sector is most susceptible to ransomware attacks and other data breaches.
  • Ransomware attacks require little effort and have an enormous payoff: research shows that it is possible to create ransomware in just three steps, even for those without technical skills. It is also easy to spread the virus via email. A healthcare ransomware attack is an ideal scheme because of its low-effort, high-reward strategy.

Ransomware attacks can also affect larger healthcare organizations, as hospitals must remain open and maintain operating systems while continuing to care for patients.

In terms of the CIA pyramid, ransomware groups often target organizations at the C (confidentiality) and A (availability) levels.
Healthcare organizations can suffer from several ransomware-induced issues, including a lack of availability due to an encryption attack or a loss of confidentiality due to data theft and leak extortion.

Ransomware continues to affect many hospitals of all sizes. For defenders, there are several challenges. First, the IT footprint of a healthcare organization is often dispersed across many sites and different types of systems.

Another problem is the inherently sizeable electronic health record systems hospitals depend on. These systems are difficult to manage in terms of the database they use for tracking files and the large files they keep for images such as X-rays, CT scans, and other information.

How Healthcare Threats Have Changed Over Time

The Trojan Horse virus was sent to AIDS researchers in 1989 and is believed to have been the first ransomware attack. From then to the present public health crisis, ransomware has changed significantly. Ransomware is still considered a white-collar crime; however, it is not only committed by hobbyist hackers or amateurs as it once was.

Institutions are now regularly targeted by professional cyber gangs, which are well-trained, well-equipped, well-funded, and often supported by foreign governments. They want to create fear, disrupt daily life, and raise money for violent crimes and terrorist activities.

Cybercriminals are more organized than before but also more skilled and sophisticated. Ransomware attackers may use their illegal gains to reinvest in more powerful malware or computer infrastructure, making it harder for their attacks to be stopped and more challenging for them to be caught.

Cybercriminals are becoming more sophisticated, targeting medical devices, networks, servers, and records. According to an investigation report by the UK National Audit Office, WannaCry ransomware infected 1,200 devices. It caused many to be taken out of service temporarily to stop the malware from spreading. This forced the emergency departments of five United Kingdom hospitals to close and divert patients.

There are many other examples of state-sponsored activities. Cybercrime is used by terrorist and government groups to even the playing field against stronger adversaries. Because they cannot defeat opponents in a direct, head-to-head military confrontation, attackers face less risk by engaging in asymmetrical war, which uses difficult-to-attribute cyberattacks to accomplish their foreign policy, military, and intelligence goals. This can sometimes put hospitals in direct danger from U.S. cyber adversaries.

Ransomware's relative effectiveness rate is another sign of its increased sophistication. In the last two years, ransomware accounted for over 70% of successful cyberattacks against healthcare organizations. Cybercriminals' success suggests new strategies are required to protect hospitals and public health infrastructure.

To combat modern ransomware, hospitals must be vigilant and continuously improve their cybersecurity policies and processes. They must also expand their human and technical threat information-sharing channels because potential internal changes go beyond maintaining current cybersecurity systems. These include integrating cyber risk management into enterprise risk management and raising cyber protection oversight to the board level.

How to Protect Against & Respond to Ransomware in the Healthcare Industry

Ransomware attacks increasingly target the healthcare industry due to the value of sensitive data. Healthcare organizations must take several steps in the event of a successful ransomware attack, such as:

  • All infected computers should be removed from the network immediately. Physically unplug any Ethernet cable that connects the computer to the network. If the infected computer has been connected to a Wi-Fi network, you must turn off the access point because the network management function might not work properly on infected computers.
  • Turn off infected computers.
  • Do not pay the ransom. Doing so perpetuates ransomware attacks and there is no guarantee your files will be restored. Ransomware gangs target essential organizations and could cause severe consequences if they are not in operation.
  • Instead, prepare rescue media. To avoid infection, this media should be read-only before being inserted into infected computers.
  • Recover from the rescue media and delete the ransomware. Send the archive encrypted with a password to a ransomware lab that specializes in ransomware analysis.
  • Save an image of any disks that contain encrypted/corrupt files that may be needed later for data recovery and analysis.
  • Use software to recover deleted files. If the ransomware has not overwritten the disk or erased it, you might be able to recover some files. Copy the files you have recovered to an external drive.
  • You can recover data from a backup. Before you start recovery, make sure you have deleted all corrupt files. You should consider erasing infected files and beginning full recovery because viruses can leave behind security holes, or other backdoor exploits that could be activated later on.
  • Update passwords on all affected computers. Also, modify passwords for wireless networks, email accounts, and other passwords.
  • Report to the authorities about ransomware attacks on you and your company.
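
The disk-imaging step in the list above, as an added example that is not part of the original article: a sketch that copies a disk (or any file) to an image while hashing it, records a manifest, and lets you confirm later that the image is unchanged. The function names, manifest fields and `case_id` placeholder are assumptions made for illustration; it is meant to be run from the read-only rescue media with the image written to separate storage.

```python
import hashlib
import json
import os
import stat
import time

CHUNK = 4 * 1024 * 1024  # 4 MiB reads keep memory use flat on large disks


def sha256_of(path):
    """Stream a file or block device through SHA-256 and return the hex digest."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(CHUNK), b""):
            digest.update(block)
    return digest.hexdigest()


def acquire_image(source, image_path, case_id="CASE-PLACEHOLDER"):
    """Copy `source` to `image_path`, hashing the bytes as they are read."""
    digest = hashlib.sha256()
    size = 0
    # Mode "xb" raises FileExistsError rather than overwriting earlier evidence.
    with open(source, "rb") as src, open(image_path, "xb") as dst:
        for block in iter(lambda: src.read(CHUNK), b""):
            digest.update(block)
            dst.write(block)
            size += len(block)
        dst.flush()
        os.fsync(dst.fileno())
    os.chmod(image_path, stat.S_IRUSR)  # the image is evidence: read-only from now on
    manifest = {
        "case_id": case_id,  # hypothetical field; use your own incident reference
        "source": source,
        "image": image_path,
        "bytes": size,
        "sha256": digest.hexdigest(),
        "acquired_utc": time.strftime("%Y-%m-%dT%H:%M:%SZ", time.gmtime()),
    }
    with open(image_path + ".manifest.json", "w") as out:
        json.dump(manifest, out, indent=2)
    return manifest


def verify_image(image_path):
    """Re-hash the image and compare it with the manifest written at acquisition."""
    with open(image_path + ".manifest.json") as handle:
        manifest = json.load(handle)
    return sha256_of(image_path) == manifest["sha256"]
```

Run `verify_image` again before any recovery or analysis work, and do that work on a copy of the image rather than on the image itself.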

Ransomware attacks in the healthcare industry are dangerous and costly. However, there are ways to prevent them and protect your organization from this threat.

Use Preventive Measures

As with health conditions, when it comes to email security, it is easier to prevent than to treat, so it is important to have a strong and reliable antivirus system installed on all corporate computers. A premium package has more protection functions and is better than the standard version.

Consider Insurance Coverage

You will be able to rest assured if you have insurance that covers ransomware attacks. While it doesn't cover all possible outcomes, you won’t have to pay any additional costs in the event of a ransomware attack.

Utilize AI and ML Anti-fraud Solutions

Artificial intelligence (AI), machine learning (ML), and other technologies can track real-time data and send alerts in case of suspicious emails or other signs of ransomware attacks. These technologies are useful for data protection, detection of insurance fraud, analysis of data, drug accounting, and other critical tasks.

Protect Against Ransomware with EnGarde Cloud Email Security

Guardian Digital EnGarde Cloud Email Security protects against ransomware through dynamic malicious URL and attachment protection, real-time behavioral analysis, and drive-by download protection. The system employs an auto-learn security system that helps defend against emerging ransomware attacks before they reach the inbox.

Medical Worker Causes Shutdown of Vermont Hospital After Critical Click on Email

In 2022, 24 US-based healthcare organizations were the target of successful ransomware attacks. These incidents affected a total of 289 hospitals.

A University of Vermont Medical Center employee made a critical mistake when she opened an emailed file from her hacked homeowner’s association. This mistake led the University of Vermont Health Network, including Burlington's largest hospital, to cancel procedures and delay mammogram appointments and cancer patients' treatment.

Officials were forced to close all internet connections and access to electronic health records to stop cybercriminals from causing more damage with the ransomware attack.

“Everything was down. So our phones were down. We no longer had fax machines. … You couldn’t use email to communicate,” Dr. Stephen Leffler, the system’s president and chief operating officer, said of the attack. “That first evening, we actually sent people over to Best Buy to buy walkie-talkies.” The ransomware destroyed the computer infrastructure on which the encrypted data resided, requiring significant time to rebuild those systems. Fortunately, the clinic had access to downtime procedures to print out patient information and continue care.

In recent years, cyberattacks have increased, targeting hospitals and healthcare organizations throughout the United States. These attacks have disrupted patient care, endangered patients’ well-being, and included public health facilities operated by state or local governments.

Keep Learning About Ransomware Prevention

Healthcare organizations are constantly at risk of cyberattacks that threaten the safety of their patients. Because of this, cybersecurity is critical for patient safety, minimizing enterprise risk, and business continuity.
