Hospitals Prime Targets for Ransomware

By Michelle Amodio
TMCnet Contributor

Hospitals are prime targets for ransomware due to the type of information they deal with on a daily basis. Patient information, health history, payment information, Social Security numbers – all of these are hot ticket pieces of data that are perfect for identity theft and other types of cyber crime. Criminals are not only locking up this data; they’re holding it for ransom.

It wasn’t that long ago that UMass Memorial Medical Center was the victim of ransomware. One email provided a gateway for malicious code – a code that found its way into several computers – locking up dozens of files, all of which were inaccessible unless a “hefty” bounty was paid up.

Similar attacks recently struck Methodist Hospital in Henderson, Kentucky, Ottawa Hospital, King’s Daughters Health in Indiana, and Hollywood Presbyterian Medical Center, Chino Valley and Desert Valley Hospitals in Southern California.

For Hollywood Presbyterian Medical Center, the ransom was 40 Bitcoins, which is equivalent to $17,000. The reason for the Bitcoin ransom payment request is simple: it makes it easier to demand large sums of cash.  Bitcoin is considered the currency of the Internet. Why? It’s distributed, worldwide, and decentralized digital money. Bitcoins are issued and managed without any central authority whatsoever.  There is no government, company, or bank in charge of Bitcoin, so it’s a much more attractive option for cyber criminals.

"Bitcoin takes a little bit of sophistication, but overall, it isn't anything you can't learn by going on Wikipedia," Ed Cabrera, vice president of cyber security strategy for Trend Micro (News - Alert), in an interview with NBC News.

Ransomware overall isn’t complicated, so when paired with the ease of Bitcoin, you have a recipe for data disaster.

These attacks have gleaned attention from elected officials who are seeking more information on how and why these attacks have happened.

Sen. Barbara Boxer (D-Calif.) penned a letter to FBI Director James Comey for information about how the agency is investigating recent the attacks on hospitals in California, the District of Columbia, and around the country.

“I am concerned that by hospitals paying these ransoms, we are creating a perverse incentive for hackers to continue these dangerous attacks,” she wrote.

It begs the question: How ready are hospitals for a ransomware attack should it succeed, and should their data or systems be encrypted?

According to Healthcare IT News, healthcare executives should focus their efforts on educating their end-users. Employees who are ready are the biggest deterrent to hackers getting in.

US-CERT, the country's Computer Emergency Readiness Team, provides some counter-measures: backing up data, keeping software up to date, and restricting users’ permissions to install software.