Ransomware Health Care Alert: Study Warns Providers About Threat to Patient Data

Share:

By: James O'Brien|

Cybercriminals have set their sights on the health care industry as a target for ransomware, holding hostage information and infrastructure that could put patients in jeopardy. This attack trend marks a significant shift away from what used to be an off-limits tactic, even for malicious hackers.

Data Under Lock and Key

This change comes with the rise of crypto ransomware, according to a new report from the Institute for Critical Infrastructure Technology (ICIT). Crypto tactics involve encoding and locking away certain files and data within the user interface. To get the decryption key and access the information, victims must pay according to perpetrators’ demands.

Some 90,000 computers worldwide are affected by crypto software daily, accounting for 64 percent of all ransomware attacks studied in the period of 2014 to 2015, according to the ICIT report. As HealthcareITNews reports, “Ransomware is responsible for 406,887 attempted infections and accounts for a total of approximately $325 million in damages.”

Cybercriminals Set Their Sights on Health Care

Health care infrastructure looks to be the newest target. According to FierceHealthIT, Hollywood Presbyterian Medical Center was hit for $17,000 in ransom via a crypto-type attack in early 2016. Titus Regional Medical Center in Texas also found its electronic health record system up for ransom. Additional health care agencies have been targeted in Los Angeles County and Canada.

This shift in industry focus is due to the larger sums health care attacks reap when compared to other types of incidents. In general, the ICIT study puts the average payout at $300 per infected host, but the thousands of dollars cybercriminals are demanding from health care organizations suggest the attackers understand they can get more money from larger organizations, especially when the data is critical to patient lives.

Handling a Ransomware Attack

The U.S. Department of Homeland Security tells victims not to negotiate for their ransomed data, according to NPR; instead, they should restore from backups. However, many victims do pay when they have not made sufficient backups of the ransomed data that they can recover after the attack.

For health care IT departments, the time has come for data security reinforcements — a comprehensive program that trains staff, implements dedicated cybersecurity teams and layers defenses to detect and slow down cybercriminals before they can sequester the critical information on which doctors and patients rely.

Topics: , , ,

About The Author

James O'Brien

Freelance Writer

As a journalist and writer in the branded content space, James O'Brien covers business, technology, social media, marketing, film, food, wine, writing and news. The Nieman Journalism Lab has called his work in the custom content space "sponsored content done right." He has written for major regional newspapers, and he has managed and edited established, startup and turnaround newsrooms in varied markets, from community papers to major-city dailies. He consults for firms and businesses — startups to seasoned — on the creation of effective content strategies and the establishment of practical editorial calendars for enacting them. O'Brien holds a Ph.D. in Editorial Studies from the Editorial Institute at Boston University, where he researched and edited Bob Dylan's other-than-song writings. He is engaged in a bibliography for Oxford University Press, covering writings about filmmaker John Cassavetes. He is the author of "The Indie Writer's Survival Guide." His short stories and poetry are published in numerous journals and magazines.

Articles by James O'Brien
See All Posts