The rise of ransomware in healthcare

Healthcare providers and hospitals alike have been making headlines, having fallen victim to ransomware attack after attack.

Credit: Barkly
Eight surprising statistics on the skyrocketing rise of ransomware in healthcare

In just a short amount of time, ransomware has grown from fringe cyber attacks to a widespread epidemic across all industries, hitting healthcare by far the hardest. With the success of several high-profile attacks on hospitals, criminals are increasingly targeting healthcare providers. In just Q1 of 2016, researchers at Symantec saw an average of 4,000 ransomware attacks per day. The loss of access to patient records alone can result in suspension of critical services and a complete halt in communication. To put this all into perspective, Barkly shared these surprising statistics with me.

Bullseye on healthcare

When ransomware attacks, the damage can be devastating, and in some cases entire hospitals have been crippled for days. The thieves recognize both the value and the vulnerabilities of healthcare information, as well as the security gaps that exist in the connected world. According to Raytheon/Websense’s Industry Drill-Down, healthcare providers are 4.5 times more likely to be hit by CryptoWall than companies in other industries.

A comparative view

Attackers remain one step ahead of traditional security software by developing different ransomware variants that help them avoid detection. Although ransomware has been around since 1989, attacks have recently become more common due to their success in the healthcare industry. In 2015, 362,000 new crypto-ransomware variants were identified, an average of nearly 1,000 new variants per day.

Estimated cost of impact

To calculate the true cost of ransomware, organizations have to take into account the cost of downtime. The Ponemon Institute found that unplanned downtime at healthcare organizations may cost an average of $7,900 a minute, per incident. Since attackers view healthcare providers as such easy targets, it’s now critical to understand how ransomware works, how to respond to it, and most importantly, how it can be avoided in the first place.

Ransomware doing double time

The Hollywood Presbyterian Hospital experienced over a week of downtime and disruption of services that were critical for keeping the hospital system up and running. According to a report from The AC Group, it takes physicians double the time to perform admin tasks manually when their EHR system is down. This time translates directly into the cost of ransom.

What makes it different

Ransomware is different from other viruses. Alerting users to its presence is part of its routine, and it relies on speed more than stealth once the infection is on the machine. Recent research finds that 85 percent of IT pros have been or expect to be hit with ransomware at some point in time at their organization.

Special delivery

Counter to what many may think, online threats aren’t confined to sketchy websites. Malicious ads, or “malvertising,” can turn even legitimate sites into vehicles for delivering ransomware. The skyrocketing growth is proven in the number of phishing emails that are delivering ransomware: 93% to be exact. Specifically for healthcare industries, administrators need to be prepared to act quickly in order to contain, assess, and prevent any further infection.

Give ransomware an inch, it will take a mile

Of course, preventing ransomware is infinitely better than having to recover from it. Ransomware has compromised many healthcare systems by preventing access to encrypted patient information, directly impacting the safety of this data. Six out of 10 victim organizations made changes to their security strategy after a ransomware attack, whether it was in the form of adding security technology that blocks malware and restricts access or implementing security awareness training programs.

The current state of healthcare

In the report, The Current State of Healthcare Endpoint Security, Duo Security looked at their healthcare customers and compared them to the rest of their users. What they found was that healthcare providers are two times more likely to have Flash installed than the industry average, three times more likely to have Java installed, and nearly four times more likely to use outdated versions of Internet Explorer.