Healthcare a prime target as ransomware threat widens

Holding valuable data hostage with ransomware, cyber criminals have created a lucrative market for personal information that is even more profitable than other malware, according to Federal Trade Commission Chairwoman Edith Ramirez.

Speaking at a September 7 FTC workshop on ransomware, Ramirez called it a “new business model” for malicious activity, said it is a growing cybersecurity problem across all industries, and added that no organization is immune from these kinds of attacks.

And the FTC chief contends that the healthcare industry seems to be particularly vulnerable to the file-encrypting malware.

“The attack on Hollywood Presbyterian Medical Center in Southern California earlier this year, the first in a string of high-profile attacks on healthcare organizations, highlights the challenges that ransomware poses,” Ramirez told the audience. “The perpetrators took out the hospital’s entire network for more than a week, leaving staff without access to email and critical patient data. The malware crippled the hospital’s emergency room and other computer systems necessary for patient care, and forced hospital staff to log medical records with pen and paper.”

In the end, Hollywood Presbyterian paid the hackers a ransom of 40 bitcoins, or $17,000, to restore its system operations, she said. Ramirez also cited a similar attack in March that disabled MedStar Health’s computer systems, denying access to email and electronic health records at 10 hospitals in the Washington, DC area for nearly two weeks.

She called ransomware “among the most troubling cyber threats” confronting the United States, one that is “becoming increasingly more pernicious” and is “escalating at an alarming rate.” Citing statistics from the Department of Justice that ransomware attacks have quadrupled in the past year alone, Ramirez said that the U.S. averages 4,000 incidents per day.

According to the Federal Bureau of Investigation, ransomware victims in the first quarter of 2016 alone paid attackers $209 million, and in 2015 the producers of the CryptoWall ransomware attack generated more than $300 million in ransom. “The financial motivation for ransomware attacks suggests that the threat is unlikely to go away any time soon,” added Ramirez.

Ransomware has the highest monetary value for cyber criminals, agrees Craig Williams, senior technical leader and global outreach manager for Cisco Talos, a threat intelligence organization.

“It’s really put things on an economic scale that we just simply have never seen before,” said Williams. “The problem is not only that ransomware is financially attractive for adversaries, but given that money, they are now capable of hiring professional development teams all over the world to evolve and grow this ability to deploy malware at just an amazing rate.”

“I’ll sum it up in one word—it’s scary,” Chad Wilson, director of information security at Children’s National Health System, told the FTC workshop. “The number and sophistication of attacks has really grown exponentially over the past couple of years. There’s not one particular vector that they’re using. They’re using multiple vectors to infect systems and multiple techniques to trick or social engineer doctors, administrators, and other folks to get on systems and access information.”

Nonetheless, Wilson added that cyber hygiene and prevention “does a lot to eliminate the problem upfront, and then you have to invest in incident response and containment methodologies for minimizing the impact when something does happen.”

While physicians are focused primarily on taking care of patients, he concluded that “now they have to learn that bad people are after their information, and they need to learn how to take care of themselves—education does go a long way.”
