Ransomware in Healthcare
By Collin Miller @MobileSecOps
The Atlantic reports that a Los Angeles hospital has been operating without access to email or electronic medical records for over a week after being hit with ransomware. The attackers are requesting $3.6 million in Bitcoin to restore access to the files. Without a backup, the hospital is stuck operating without access to patients’ treatment history, and new records are being recorded on paper. So far law enforcement has been unable to break the encryption, and without adequate backups, the hospital will be forced to start from scratch.
Ransomware – which infects a computer system and encrypts files until the user pays the attacker a fee for decryption – is growing in sophistication, profitability and popularity. Protecting against this type of malware requires a three-pronged approach:
First, timely, secure backups are critical.
Second, traditional signature-based antivirus solutions are not enough to protect against these evolving threats. What is needed is advanced endpoint protection software that protects against known and unknown malware and also prevents the techniques used to exploit software.
Third, network-based security tools that let you detect and prevent both intrusions and traffic between infected hosts and their command-and-control servers provide an additional layer of security against this attack.
This incident demonstrates that protecting patient health information is about more than just encrypting it. In security as in healthcare, an ounce of prevention is worth a pound of cure.
Collin Miller is an information security professional with 10 years’ experience. He works for Structured, and – despite being an avid wanderer – calls Portland, Oregon, home.