Page 14 - Modern Healthcare (January 2020)
P. 14
Technology
Healthcare ransomware attacks
intensify in severity and sophistication
By Jessica Kim Cohen
SOMETIMES, ransomware can seem
like the flu. As soon as hospitals find a
defense, a new and more sophisticated
version appears—making it difficult for
hospital leaders to keep up.
Cryptic names like WannaCry, Petya
and SamSam—all variants of ransom-
ware—have become common points
of discussion in healthcare. But while
those ransomware campaigns targeted
businesses across industries, it’s becom-
ing more prevalent to see hackers tailor
their approaches within the healthcare
industry, finding new technical vul-
nerabilities to exploit at specific hospi-
tals and more closely customizing the GETTY IMAGES/MODERN HEALTHCARE ILLUSTRATION
phishing emails that deploy malware.
In 2018, healthcare organizations cific hospitals,” he said. “Every time that healthcare
were the fourth most-common target In healthcare, ransomware accounted
for ransomware attacks, making up 7% for more than 70% of all malware—“ma- comes up with a point
of attacks overall, after the technology licious software”—attacks, according to a defense against something,
(28%), consumer goods (15%) and man- data breach report Verizon released last these ransomwares get
ufacturing (11%) industries, according year. Ransomware attacks can come with modified and appear as a
to a report released last year by Cylance, a hefty price tag for their victims, with
a cybersecurity company that Black- hackers demanding thousands to mil- different variant.”
Berry acquired in 2019. But the com- lions of dollars in exchange for decrypt- Clyde Hewitt
pany’s researchers last year noticed an ing an organization’s computer files. Executive adviser
uptick in the sophistication of attacks tar- CynergisTek
geting specific industries, particularly in When a ransomware attack brings
healthcare and local governments, said down a hospital’s IT systems, it doesn’t
Josh Lemos, vice president of research just disrupt internal business process- cess to its IT systems. The attack brought
and intelligence at BlackBerry Cylance. es. It often hits critical medical systems down the system’s computer network
Because of the potential disruption like electronic health records or inter- for two days, during which facilities were
to patient care, “hospitals and pa- net-connected medical devices, forcing forced to reschedule some non-emer-
tient-serving environments” are more hospitals to divert patients to nearby fa- gency procedures and revert to using
likely to pay, he added. cilities. That pushes hospitals to want to paper—rather than electronic—medi-
John Riggi, the American Hospital As- pay the ransom, even if cybersecurity ex- cal records.
sociation’s senior adviser perts, including the Federal “Don’t immediately dismiss the op-
for cybersecurity and risk, Bureau of Investigation, dis- tion of paying ransom,” Hackensack Me-
said he’s also noticed an THE TAKEAWAY courage organizations from ridian Health CEO Robert Garrett wrote
increase in the “sophistica- Chasing new variants doing so. in an op-ed for Modern Healthcare in
tion and severity” of ran- of ransomware is a Just last month, Hack- December. “You may not have the lux-
somware attacks against never-ending job. ensack Meridian Health, a ury of time to consider rebuilding your
healthcare organizations. Tech officials say 17-hospital system based network. We believe it’s our duty to en-
“They now appear to be it’s critical to have in New Jersey, confirmed sure patient safety and protect our com-
highly targeted and highly foundational security it paid hackers an undis- munities’ access to healthcare.”
specific attacks against spe- practices in place. closed sum to regain ac- And ransomware isn’t static. New and
12 Modern Healthcare | January 27, 2020
