Although no industry is immune from ransomware attacks, the healthcare industry has become an increasingly popular target in 2016 due to medical devices with weak security and the use of legacy systems, according to a new report.
The “McAfee Labs Threats Report: September 2016” revealed explosive growth in ransomware attacks in the past year, with the number of new ransomware samples reaching more than 1.3 million. Earlier in the year, a string of ransomware attacks hit several hospitals across the United States, which impacted patient care and engendered significant financial repercussions.
Ransomware is a form of malware that shuts down a computer system until a ransom is paid. It is typically delivered through phishing or the use of exploit kits. According to the report, in the recent ransomware attacks on hospitals, an employee mistakenly opened a malicious email attachment, which then spurred a chain of events leading to a ransomware infection.
“As targets, hospitals represent an attractive combination of relatively weak data security, complex environments and the urgent need for access to data sources, sometimes in life or death situations,” said Vincent Weafer, vice president for Intel Security’s McAfee Labs. “The new revelations around the scale of ransomware networks and the emerging focus on hospitals remind us that the cybercrime economy has the capacity and motivation to exploit new industry sectors.”
Targeting hospitals can be a very profitable endeavor for ransomware actors, generating as much as $100,000 in ransom payments, according to the report. In February 2016, a California hospital paid $17,000 to hackers to restore their computers systems.
The California hospital attack spurred discussions in underground forums over the ethics of attacks hospitals. The Russian underground, for example, follows a code of conduct that deems hospitals off-limits.
“The cybercriminals’ motive is ease of monetization, with less risk,” Weafer explained. “Corporations and individuals can easily cancel stolen payment cards soon after a breach is discovered. But you can’t change your most personal data or easily replace business plans, contracts, and product designs.”
Intel Security outlined several key policies and procedures to reduce the risk of hospitals falling victim to ransomware attacks. The recommendations included keeping patches up-to-date, having a plan of action in the event of an attack, and leveraging application whitelisting, which prevents unauthorized programs from running.
“We will always face challenges as we work to prevent the exfiltration of data, wherever it is stored and however it is handled,” Weafer said. “But organizations can learn a great deal from this study’s consistent theme of the value of greater visibility into events and incidents across the enterprise, and the longer-term value of the data drawn from this monitoring to construct stronger security postures.”