In the seconds it takes to read the first paragraph of this story, your organization’s entire electronic enterprise could be crippled thanks to one unwitting click.
That’s the alarming reality of “ransomware,” a particularly vicious form of malware that trespasses into a targeted IT system without the user’s knowledge and encrypts files, rendering them inaccessible, until a sum of money is paid to an outside party. The hostile takeover can be triggered in a variety of innocuous ways, and its effects can be devastating, including not having access to patient data.
Even more unsettling, ransomware attacks are becoming more common: According to security vendor Symantec Security Response, an average of 4,000 attacks per day took place in the first quarter of 2016 alone, a 300% increase over 2015. And healthcare is a particularly vulnerable industry for such hacks.
For example, in February, Hollywood Presbyterian Medical Center paid $17,000 in a ransomware attack in order to regain control of its patient records.
Lee Kim, director of privacy and security for the not-for-profit Healthcare Information and Management Systems Society, spoke with Behavioral Healthcare recently to shed some light on how ransomware and other forms of malware are infiltrating healthcare organizations and how those organizations can protect themselves from future attacks.
How ransomware attacks
Ransomware can make its way into a computer through a number of vehicles, such as email attachments (PDFs, photos, etc.), hacked websites and even USB drives given away as baubles at events. While other viruses operate stealthily in the background on a computer, ransomware makes its presence known aggressively as soon as it begins to go to work, Kim says.
“The user ultimately sees a ransom note displayed on-screen demanding payment while holding your system and data hostage,” Kim says. “While you are reading the message on-screen, in the background the ransomware has taken hold of your computer, and within a few seconds, you get a message saying your computer has been infected and here is what you need to do.”
The expectation is that you’ll pay the ransom. For payment, hackers often favor “Bitcoin,” a virtual currency known for its anonymity.
In terms of how ransomware takes over a computer, there are two broad categories. The first is “command-and-control,” which allows the hacker to control a system remotely over an internet connection. An example of this is a program known as CryptoWall 3.0, which generated roughly $325 million in ransom payments in 2015, according to the Cyber Threat Alliance. Healthcare companies are particularly vulnerable to CryptoWall, as they are four-and-a-half times as likely as organizations in other industries to be hit, according to a Raytheon|Websense Security Labs report.
The second form of ransomware is self-contained and does not require an internet connection to control a system once it has been launched, Kim says. She cites Maktub Locker and Samsam as examples of this type of ransomware.
How to protect your system
Beyond the obvious—being wary of links and email attachments from unknown sources—behavioral healthcare providers can take the following steps to limit their exposure to ransomware: