The Meridian Blog: Tech News, Tips & More for SMB and Enterprise Environments

What the Healthcare Industry MUST Know About Ransomware Attack

Posted by Jasmine Lancaster
Wed, Jun 01, 2016

The Institute for Critical Infrastructure Technology (ICIT) has deemed 2016 the “year ransomware holds America hostage” and states that attacks will “wreak havoc on America’s critical infrastructure community.” As several healthcare facilities and providers have already fallen victim to ransomware, healthcare data security has become a top security issue and a regular headline in the news.

Pushed into a corner and faced with two options — to pay, or not to pay — facilities are scrambling to create an environment free from data breaches. Sadly, there seems to be no end in sight for healthcare ransomware attacks. No organization, regardless of size, structure, function or status, can assume it is safe from attacks, and simply ignoring the problem can invite even more chaos. Therefore, you must take all of the necessary steps to stop ransomware attacks in their tracks.

You may have questions — What is ransomware? What happens if my healthcare facility is a victim of data breach? How can it be prevented? 

Read on for answers to these questions, as well as other vital information regarding healthcare data security.

What is ransomware?

Techopedia defines ransomware as, “a type of malware program that infects, locks or takes control of a system and demands ransom to undo it. Ransomware attacks and infects a computer with the intention of extorting money from its owner. Ransomware may also be referred to as a crypto-virus, crypto-Trojan or crypto-worm.”

Typically, ransomware is installed when an individual clicks an email attachment containing malicious content, downloads infected software, or visits a malicious website.

As a result, ransomware will cripple access to important data. Crypto ransomware encrypts data, while locker ransomware prevents users from accessing data completely. In order to gain access to its data again, an organization must pay up. Although this is not an old western film, the concept is the same. In a nutshell, an organization’s information will be held hostage until it pays the ransom.

How is ransomware dangerous to healthcare?

Once the money is paid to attackers, there is still no guarantee that the data will be released. This is exactly what happened to Kansas Heart Hospital. The hospital fell victim to a ransomware attack and paid to have its data unlocked. After payment, hackers demanded more money.

Kansas Heart Hospital is not alone.

  • Alvarado Hospital Medical Center, located in San Diego, reported “malware disruption” back in April.
  • Kentucky-based Methodist Hospital reported that its servers were infected with Locky ransomware, which copies vital files, encrypts them, and deletes them.
  • Chino Valley Medical Center and Desert Valley Hospital, both located in California, reported attacks just last week.
  • An incident at Elliot J Martin Chiropractic PC resulted in the disclosure of approximately 1,200 patient records.
  • Earlier this year, Centers Plan for Healthy Living was the victim of a data breach after a computer was stolen. The computer contained vital information for 6,893 patients.
  • Virtua Medical Group was a target of attack, resulting in the disclosure of the records of 1,654 patients.

Again, it is not safe to assume you are immune — no organization, group, or individual is immune to these attacks.

The thought of hospital staff being denied access to patient records is scary and extremely dangerous. Without patient history, it is difficult to provide adequate care and, in some cases, this could mean life or death. Traditionally, hackers avoided healthcare data breaches. Many believe that, since it involved the lives of others, they did not target healthcare facilities.

Recently, there has been an increase in news coverage involving hospitals that have paid hackers to unlock information. Obviously, having access to patient data is critical in executing daily operations. Without adequate information, business comes to an abrupt halt.

We know this, hospital staff knows this, and hackers know this. Information acquired from attacks can include names, social security numbers, email addresses, phone numbers, mailing addresses, etc. Attaining this information is like striking gold. This has been one of the key factors in making the healthcare industry such an attractive target.

How can you prevent a ransomware attack?

First, it is important to diminish the chances of attack by simply educating employees. Employees should be capable of identifying malicious emails and websites. Taking the necessary time and resources to teach employees key information regarding phishing attacks could prove beneficial not only to the organization, but also to the patients who know and trust you with their lives.

In addition, healthcare facilities must create and execute a cybersecurity plan of action. This must be continuously reviewed and updated, as needed. More healthcare organizations have reported that they are using third-party services to assist in their approach to data security.

Properly educating employees and deploying adequate technology are both important parts of fighting data breaches and avoiding standoffs with hackers. Both must continuously evolve. Consult with a Managed Service Provider to start creating your technology road map.
