How Criminals Extort Healthcare Victims With Ransomware

Healthcare organizations are not exempt from ransomware phishing campaigns, whose operators have mastered ways to make victims pay large sums. Cyberattacks on healthcare systems have spiked since the pandemic, threatening patient care and risking private data loss.

All it takes is one employee falling for a fake email to deploy malicious code through a network to exploit additional weaknesses. This article will discuss the damage ransomware attacks can impose on healthcare systems, what makes healthcare an attractive target, and how healthcare administrators can protect themselves from ransomware attacks.

Why Is Healthcare A Viable Target Among Cybercriminals?

Cyberattacks on the healthcare industry have increased in recent years, with ransomware being one of the most frequent phishing attacks. Some reasons for this trend include:

  • Attackers can monetize lots of valuable data: hospitals are attractive targets for ransomware attacks because they store and process vast amounts of valuable medical data for the hospital and its patients. Additionally, the security of medical data can be very costly if it is sold on black markets. Therefore, victims will likely pay a lot to secure their information.
  • Industry protection loopholes leave organizations vulnerable: 89% of healthcare organizations reported at least one data breach. The healthcare sector is most susceptible to ransomware attacks and other forms of data loss.
  • Ransomware attacks require little effort and have an enormous payoff: research shows that it is possible to create ransomware in only a few steps, even for those without technical skills, and it is especially easy to spread these viruses via email. A healthcare ransomware attack is ideal because of its low-effort, high-reward strategy.

Ransomware attacks can also affect larger healthcare organizations, as hospitals must remain open and maintain operating systems while continuing to care for patients.

In terms of the CIA (Confidentiality, Integrity, Availability) Pyramid, ransomware groups often target organizations at the C (confidentiality) and A (availability).

Healthcare organizations can suffer from several ransomware-induced issues, including a lack of availability due to an encryption attack or a loss of confidentiality due to data theft and leak extortion.

Ransomware continues to affect many hospitals of all sizes. For defenders, there are several challenges. First, the IT footprint of a healthcare organization is often dispersed across many sites and different types of systems. Another problem is the inherently sizable electronic health record systems hospitals depend on. These systems are difficult to manage in terms of the database they use for tracking files and the large files they keep for images such as X-rays, CT scans, and other information.

How Have Healthcare Threats Changed Over Time?

The Trojan Horse virus was sent to AIDS researchers in 1989 and is believed to have been the first ransomware attack. From then to the present public health crisis, ransomware has changed significantly, though it is still considered a white-collar crime. However, it is not only committed by hobbyist hackers or amateurs as it once was, but also by professional cyber gangs, which are well-trained, well-equipped, well-funded, and often supported by foreign governments. They want to create fear, disrupt daily life, and raise money for violent crimes and terrorist activities.

Cybercriminals are more organized than before, and also more skilled and sophisticated. Ransomware attackers may reinvest their illegal gains in more powerful ransomware or computer infrastructure, making their attacks harder to stop and the attackers more challenging to catch while phishing.

Sophisticated attackers also target medical devices, networks, servers, and records. According to an investigation report by the UK National Audit Office, WannaCry ransomware infected 1,200 devices. It caused many to be taken out of service temporarily to stop the malware from spreading. This forced the emergency departments of five United Kingdom hospitals to close and divert patients.

There are many other examples of state-sponsored activities. Cybercrime is used by terrorist and government groups to even the playing field against stronger adversaries. Because they cannot defeat opponents in a direct, head-to-head military confrontation, attackers face less risk by engaging in asymmetrical war, which uses difficult-to-attribute cyberattacks to accomplish their foreign policy, military, and intelligence goals. This can sometimes put hospitals in direct danger from U.S. cyber adversaries.

Ransomware's relative effectiveness rate is another sign of its increased sophistication. In the last two years, ransomware accounted for over 70% of successful cyberattacks against healthcare organizations. Cybercriminals' success suggests new strategies are required to protect hospitals and public health infrastructure.

To combat modern ransomware, hospitals must be vigilant and continuously improve their cybersecurity policies and processes. They must also expand their human and technical threat information-sharing channels because potential internal changes go beyond maintaining cybersecurity software. These include integrating enterprise email security and cyber risk management into cybersecurity servers for oversight at the board level.

How Can I Protect Against & Respond to Ransomware in the Healthcare Industry?

Ransomware attacks increasingly target the healthcare industry due to the value of sensitive data. Healthcare organizations must take several steps in the event of a successful ransomware attack:

  • All infected computers should be removed from the network immediately. Physically unplug any Ethernet cable that connects the computer to the network. If the infected computer has been linked to a Wi-Fi network, you must turn off the access point because the network management function might not work correctly on infected computers.
  • Turn off infected computers.
  • Do not pay the ransom. Doing so perpetuates ransomware attacks, and there is no guarantee your files will be restored. Ransomware gangs target essential organizations that could cause severe consequences if not in operation.
  • Instead, prepare rescue media to avoid infection. This media should be read-only before being inserted into infected computers.
  • Recover from the rescue media and delete the ransomware. Send the archive encrypted with a password to a ransomware lab specializing in ransomware analysis.
  • Save an image of any disks that contain encrypted/corrupt files that may be needed later for data recovery and analysis.
  • Use software to recover deleted files. You can recover some files if the ransomware has not overwritten or erased the disk. Copy the files you have recovered to an external drive.
  • You can recover data from a backup. Before you start recovery, make sure you have deleted all corrupt files. It would be best to consider erasing infected files and beginning full recovery because viruses can leave behind security holes or other backdoor exploits that could be activated later.
  • Update passwords on all affected computers. Also, modify passwords for wireless networks, email accounts, and others to ensure further cyber threat protection.
  • Report to the authorities about ransomware attacks on you and your company.

Ransomware attacks in the healthcare industry are dangerous and costly. However, there are ways to prevent them and protect your organization from this threat.

Use Preventive Measures

As with health conditions, email security problems are easier to prevent than to treat, so it is crucial to have a robust and reliable antivirus system installed on all corporate computers. A premium package has more protection functions and is better than the standard version.

Consider Insurance Coverage

You will be able to rest assured if you have insurance that covers ransomware attacks. While it doesn't cover all possible outcomes, you won’t have to pay any additional costs in the event of a ransomware attack.

Utilize AI and ML Anti-fraud Solutions

Artificial Intelligence (AI), Machine Learning (ML), and other technologies can track real-time data and send alerts in case of suspicious emails or other signs of ransomware attacks. These technologies are helpful for data protection, detection of insurance frauds, data analysis, drug accounting, and other critical tasks.

Protect Against Ransomware with EnGarde Cloud Email Security

Guardian Digital EnGarde Cloud Email Security protects against ransomware through dynamic malicious URL and attachment protection, real-time behavioral analysis, and drive-by download protection. This cybersecurity software employs an auto-learn security system that helps defend against emerging ransomware attacks before they reach the inbox.

Medical Worker Causes Shutdown of Vermont Hospital After Critical Click on Email

In 2022, 24 US-based healthcare organizations were the target of successful ransomware attacks. These incidents affected a total of 289 hospitals.

A University of Vermont Medical Center employee made a critical mistake when she opened an emailed file from her hacked homeowner’s association. This mistake led the University of Vermont Health Network, including Burlington's largest hospital, to cancel procedures and delay mammogram appointments and cancer patients' treatment.

Officials were forced to close all internet connections and access to electronic health records to stop cyber criminals from causing more damage by the ransomware attack.

“Everything was down. So our phones were down. We no longer had fax machines. … You couldn’t use email to communicate,” Dr. Stephen Leffler, the system’s president and chief operating officer, said of the attack. “That first evening, we actually sent people over to Best Buy to buy walkie-talkies.” The ransomware destroyed the computer infrastructure on which the encrypted data resided, requiring significant time to rebuild those systems. Fortunately, the clinic had access to downtime procedures to print out patient information and continue care.

In recent years, cyberattacks have increased, targeting hospitals and healthcare organizations throughout the United States. These attacks have disrupted patient care, endangered patients’ well-being, and included public health facilities operated by state or local governments.

Keep Learning About Ransomware Prevention

Healthcare organizations are constantly at risk of cyberattacks that threaten the safety of their patients. Because of this, cybersecurity is critical for patient safety, minimizing enterprise risk, and business continuity.
