Skip to main content

Ransomware alert for healthcare practices

By August 26, 2016November 20th, 2018Article

Ransomware is becoming a growing problem for the healthcare industry. With around a dozen attacks on hospitals being reported since the beginning of the year, you may be wondering just how severe the problem is. Should you be alarmed? How can you protect your practice? Here’s an inside look at how the ransomware epidemic is affecting the U.S. and Canadian healthcare systems.

The ransomware strike on Hollywood Presbyterian Medical Center on February 5 was one of the first major attacks this year. The hospital lost control of its computer system
to hackers and was forced to pay them $17,000 to regain control.

“The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this,” stated Allen Stefanek, President of the medical center.

Access to Hollywood Presbyterian’s EMR system was restored on Monday, February 15, over a week after the initial attack. So what can be learned from this story? Well, it raises a very important question…

Should you pay a hacker who’s infected your system with ransomware?

It’s a vexing question, and unfortunately the consensus on the answer is split. The problem is that the ransomware is very intelligently designed. While it may sound absurd to pay so much money to a hacker, especially when there’s no guarantee your systems will be restored, oftentimes there’s not much choice.

“The ransomware is that good. To be honest, we often advise people just to pay the ransom,” said Joseph Bonavolonta, an Assistant Special Agent of the FBI’s CYBER and Counterintelligence Program.

While Bonavolonta and other law enforcement officials advise businesses to pay the ransom, the U.S. government has recommended the opposite. In a release made public late last month, U.S. officials noted, “Individuals or organizations are discouraged from paying the ransom, as this does not guarantee files will be released. Report instances of fraud to the FBI at the Internet Crime Complaint Center.”

The reasoning behind this argument is that by paying the ransom, you’re encouraging hackers to attack more practices.

How deep does the ransomware epidemic go?

According to Symantec’s 2015 Internet Security Breach Report, the healthcare industry had the highest number of data breaches for four years in a row and suffers 37% of all breaches that occur. In fact, last year alone there were more than 250 separate incidents of data breaches in healthcare affecting more than 112 million records. Sadly, the problem doesn’t look to be getting any better. Many experts believe that attacks are likely to grow in number and scale.

Why healthcare?

Hackers know that most healthcare facilities haven’t installed proper security measures to protect themselves. Hospitals have tight budgets, often emphasize convenience over security, and have multiple entry points into their system—all of which makes them easy prey for cyber criminals. Of course, hackers don’t breach a system just because it’s easy. They do it because there is valuable information stored inside, and healthcare facilities are ripe with info that can fetch a high price on the black market. The fact that the system is easier to breach just makes healthcare facilities a more alluring target.

What can you do?

It all starts with paying more attention to security in general. However, every practice can secure their system by including staff training that allows employees to better identify phishing emails, restriction of access to sensitive information, encryption, and two-factor authentication. While these are a few basic tactics you can use to get started, consulting an IT provider that specializes in healthcare security can be a wise decision, providing peace of mind and safety for your valuable data. We are happy to help your practice gain the highest level of security possible. Give us a call today to learn more.