Approximately 88% of all ransomware attacks hit hospitals. These attacks can be devastating, preventing patients from getting the care they need. This makes hospitals more likely to pay the ransom to get control of their files back, encouraging hackers to hit more hospitals.
Hospital ransomware attacks are becoming more and more prevalent. In 2017, two major attacks included Petya and WannaCry, which hit 65 and 150 countries respectively. Hancock Regional Hospital in Indiana is just one example. The hospital was infected with SamSam in January this year, paying $45,000 in ransom.
Criminals and hackers generally demand bitcoin in exchange for deactivating the virus. This makes the payment impossible to track.
So how can you prevent a ransomware attack? And what should you do in the event that your hospital is hit?
How Ransomware Works
Ransomware is a form of malware (malicious software) that takes over an organization's computers, denying it access to its data. The attacker demands a ransom, promising that access will be restored once it's paid.
Users are shown how to pay the fee to get their decryption key. This can range from thousands to hundreds of thousands of dollars in Bitcoin.
Ransomware can infect computers in a number of ways. One of the most common is through an email. It will masquerade as a trustworthy file, but once opened or downloaded, it will take over the computer and spread throughout the network.
From there, the malware will encrypt some or all of the organization's files.
Locky is one of the most successful and well-known forms of ransomware. Every now and again it will disappear, only to return with an updated product that's even more sophisticated and powerful. Here's how this ransomware works:
- Employee is sent an email that looks trustworthy
- They click a link which takes them to a seemingly legitimate website
- This website is a landing page which hosts an exploit kit
- This exploit kit starts communicating with the user's computer
- The server looks for vulnerable versions of software on the user's machine
- Once it finds a vulnerable version, it sends a .exe file
- This binary uses a shadow copy utility such as vssadmin.exe with the ransomware
- The binary then deletes shadows to make it difficult to recover files
- PowerShell propagates copies throughout the system, encrypting files
- PowerShell.exe creates copies of the malware binary in the root C: directory, start directory, and AppData directory
- The copies ensure that the malware will still restart when computers are rebooted
- Once the files are encrypted, the hacker receives an encryption key
- The server messages the victim with directions for payment
- While the payment will often result in an unlocked network, the malware usually hasn't been removed.
- Sometimes, attackers will have loaded additional malware. This allows them to steal intellectual property, credentials, and personal information
As you can see, it all starts with an email. The criminals are also relying on their ability to access all of your backups. That means it's completely possible for you to protect your hospital from ransomware.
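Two steps in the chain above leave process-creation traces a defender can alert on: the shadow copy deletion and the PowerShell copies written to the root of C:, a Startup folder, or AppData. The following detection sketch is an added example, not part of the original article; the event fields, host names, and sample command lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed process-creation events (host, image, command line); not real telemetry.
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
VSS = r"C:\Windows\System32\vssadmin.exe"
SAMPLE_EVENTS = [
    {"host": "ws-014", "image": VSS, "cmdline": "vssadmin.exe Delete Shadows /All /Quiet"},
    {"host": "ws-014", "image": PS,
     "cmdline": r"powershell.exe Copy-Item C:\Users\amy\Downloads\inv.exe "
                r"C:\Users\amy\AppData\Roaming\svc.exe"},
    {"host": "ws-020", "image": VSS, "cmdline": "vssadmin.exe List Shadows"},  # benign query
    {"host": "ws-031", "image": PS,
     "cmdline": r"powershell.exe Get-ChildItem C:\Users\bob\AppData"},  # nothing written
    {"host": "ws-044", "image": PS,
     "cmdline": r"powershell.exe Copy-Item .\setup.exe C:\setup.exe"},  # root of C: only
]

SHADOW_DELETE = re.compile(r"\bdelete\s+shadows\b", re.I)
# Executable paths in the three locations the article lists:
# the root of C:, a Startup folder, or anywhere under AppData.
PERSIST_PATH = re.compile(
    r"(?:\bc:\\[^\\\s]+\.exe"
    r"|\\start menu\\programs\\startup\\[^\\\s]+\.exe"
    r"|\\appdata\\\S+\.exe)", re.I)

def classify(event):
    """Return the set of signal names a single event raises."""
    image = event["image"].lower().rsplit("\\", 1)[-1]
    signals = set()
    if image == "vssadmin.exe" and SHADOW_DELETE.search(event["cmdline"]):
        signals.add("shadow_copy_deletion")
    if image == "powershell.exe" and PERSIST_PATH.search(event["cmdline"]):
        signals.add("exe_copied_to_persistence_path")
    return signals

def triage(events):
    """Group signals per host; a host showing both signals is escalated."""
    per_host = defaultdict(set)
    for ev in events:
        per_host[ev["host"]] |= classify(ev)
    return {host: ("escalate" if len(sigs) == 2 else "review", sorted(sigs))
            for host, sigs in per_host.items() if sigs}

if __name__ == "__main__":
    for host, (action, sigs) in triage(SAMPLE_EVENTS).items():
        print(host, action, sigs)
```

Correlating per host keeps a routine `List Shadows` query or a lone file copy from paging anyone, while the combination seen on one machine is treated as urgent.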
Preventing Hospital Ransomware Attacks
Criminals have attacked so many hospitals that they make it look like child's play. But you'd be surprised at just how vulnerable most hospitals are. By simply being proactive, you can make your hospital too difficult of a target so hackers will look elsewhere.
Here are some ways you can prevent a ransomware attack:
Security Training for Staff
Staff security training is key to preventing employees from clicking on emails containing malware. One way to do this is to frequently send them simulated phishing attacks. Make it a game, and keep people on their toes by sending simulated attacks once a month or so.
Application whitelisting works by scanning machines to note legitimate applications and then blocking any other executables. This can be hugely time-consuming if you have hundreds or thousands of computers with many different types of applications.
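The scan-then-block approach described above can be sketched as a hash baseline followed by an audit. This is an added example, not code from the original article; the suffix set, file names, and file contents are constructed assumptions.

```python
import hashlib
import tempfile
from pathlib import Path

EXECUTABLE_SUFFIXES = {".exe", ".dll", ".ps1"}  # assumed set for this sketch

def sha256_of(path: Path) -> str:
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def executables(root: Path):
    """Yield every file under root whose suffix marks it as executable."""
    return (p for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in EXECUTABLE_SUFFIXES)

def build_baseline(root: Path) -> set:
    """Scan phase: record the hash of each executable on a known-good machine."""
    return {sha256_of(p) for p in executables(root)}

def audit(root: Path, baseline: set) -> dict:
    """Enforcement phase: decide by content hash, not by file name or location."""
    return {p.relative_to(root).as_posix():
            ("allow" if sha256_of(p) in baseline else "block")
            for p in executables(root)}

def demo() -> dict:
    """Constructed files stand in for real binaries."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "apps").mkdir()
        (root / "apps" / "ehr_client.exe").write_bytes(b"approved build 1")
        (root / "apps" / "viewer.exe").write_bytes(b"approved build 7")
        baseline = build_baseline(root)
        # After the baseline: an unapproved file appears and an approved one is replaced.
        (root / "invoice.exe").write_bytes(b"unknown binary")
        (root / "apps" / "viewer.exe").write_bytes(b"tampered")
        return audit(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Because the decision is made on the hash, a replaced `viewer.exe` is blocked even though its name and path were approved; the cost is that every legitimate software update also changes the hash and needs a baseline refresh.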
Configuring Mail Servers
It can sometimes be a good idea to configure your mail servers so that file types likely to be malicious (like zip files) are blocked.
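An attachment filter of this kind has to look past the file name, since a zip archive can be renamed to a harmless-looking extension. The following sketch is an added example, not part of the original article; the article names only zip files, so the other blocked extensions, the addresses, and the sample message are constructed assumptions.

```python
import io
import os
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed policy: only ".zip" comes from the article; the rest are illustrative.
BLOCKED_EXTENSIONS = {".zip", ".exe", ".js", ".scr"}

def attachment_verdicts(raw_message: bytes):
    """Return [(filename, verdict)] for every attachment in a raw message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    verdicts = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        ext = os.path.splitext(name)[1].lower()
        if ext in BLOCKED_EXTENSIONS:
            verdicts.append((name, "block: extension " + ext))
        elif payload and zipfile.is_zipfile(io.BytesIO(payload)):
            # Renamed archive: harmless-looking extension, zip content inside.
            verdicts.append((name, "block: zip content behind " + (ext or "no extension")))
        else:
            verdicts.append((name, "allow"))
    return verdicts

def build_sample_message() -> bytes:
    """Constructed test message with three attachments (not real mail)."""
    archive = io.BytesIO()
    with zipfile.ZipFile(archive, "w") as zf:
        zf.writestr("invoice.txt", "constructed sample")
    msg = EmailMessage()
    msg["From"], msg["To"] = "billing@example.com", "staff@example.org"
    msg["Subject"] = "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="zip", filename="Invoice.ZIP")
    msg.add_attachment(archive.getvalue(), maintype="application",
                       subtype="pdf", filename="report.pdf")
    msg.add_attachment(b"%PDF-1.4\n% constructed sample body, not a real PDF\n",
                       maintype="application", subtype="pdf", filename="notes.pdf")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, verdict in attachment_verdicts(build_sample_message()):
        print(name, "->", verdict)
```

Office Open XML documents (.docx, .xlsx) are zip containers, so a content check like this needs an explicit exception for them if they must be delivered.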
By restricting permissions to different areas in your network, you can make life difficult for hackers. This means that instead of letting thousands of staff members access files located on one server, you break them into smaller groups.
That means that even if one server is infected, the ransomware won't spread to all of your staff members. Hackers then need to spend more time and energy locating and locking down the rest of your servers.
You should already have high-level, reliable security software such as endpoint security software. But many hospitals are still using outdated software. Hackers look for flaws in outdated software since they're easier to hack and unable to fight against attacks. That's why you should be automating your software updates to help reduce the risk of a breach.
Backing Up Data
Regular backups will ensure you have access to all data in the event that you're attacked. But malware targets any backups on your network, so it's important that you're storing data on a different network as well.
This means that your data won't be compromised if an attack occurs on your main network. If you're attacked, you can simply shut down the affected network while remaining operational.
It's important to stay educated about the latest malware and how criminals are accessing hospital networks. Ransomware is now worth more than $2 billion each year. And since hospitals need 24/7 access to patient data, we can expect ransomware attacks to continue.
Hospital ransomware attacks can result in more than bad press. Patients can be impacted if hospitals are not taking adequate measures to defend against hackers. By using the above tips, you'll keep your hospital safe and prevent a cyberattack.