Last year, the healthcare industry saw an immense rise in ransomware attacks. This trend is expected to increase in 2017. Just this month, Erie County Medical Center (ECMC) in Buffalo, N.Y. had a computer virus shut down the hospital’s computer system. According to a local news report on April 16th, the medical center switched to their backup system to avoid paying the hacker’s ransom.
Many healthcare organizations are not as prepared as ECMC. In February of last year, Hollywood Presbyterian Medical Center’s IT systems were shut down by a ransomware attack. They paid the $17,000 ransom to regain access to their EHR. In a statement the medical center’s CEO Allen Stefanek wrote, “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”
The Hollywood Presbyterian Medical Center regained access to their systems after the payment. The Kansas Heart Hospital was not so fortunate. In 2016, the hospital paid the ransom but the hackers didn’t unlock the computer files and demanded more for a complete system return.
The Secret to Avoiding Ransomware Attacks in the Healthcare Industry
Hackers have adapted to the increased security of the Healthcare Industry and are quick to identify vulnerable and valuable data. Looking back at the increase of attacks, how can you prepare your organization?
The secret to avoiding ransomware attacks is two-fold. First, you will identify the cyberattack trends and the vulnerabilities in your systems. Then consult with cybersecurity experts for how to protect your network from attacks.
To better understand the future of ransomware, we have included three predictions for 2017, these include:
Medical Devices Vulnerable to Attack
There is a growing concern that medical devices are the next target for hackers. These devices do not offer enough cybersecurity to protect them from an attack. Terry Rice, the chief information security officer at Merck & Co., shared his concerns with the House Energy and Commerce Oversight and Investigations Subcommittee this year, stating, “Vulnerabilities in pacemakers and insulin pumps can be exploited to cause potentially lethal attacks and we have witnessed entire hospitals in the U.S. and U.K. shutting down for multiple days to combat ransomware infections in critical systems.”
Many healthcare providers are looking to hire cybersecurity specialists to combat such incidences.
Increase in Sophisticated Cyberattacks
The Department of Health and Human Services’ Office for Civil Rights (OCR) released that over 113 million healthcare records were exposed or stolen in 2015. In 2016 the latest report from the OCR stated that 277 breaches affected 14,562,019 individuals. The amount of healthcare records exposed has decreased but the amount of breaches has increased since 2015. This decrease in the amount of data exposed is due to an increase in cybersecurity.
Ransomware is evolving to overcome the advanced security. There are now ransomware variants that allow hackers to selectively lock critical files, and demand higher ransoms to decrypt those files of more secured networks.
Hospital Networks Are the Next Big Target
Many networks for hospitals are vulnerable to attacks unlike health plan providers. Many hospitals will pay the demands of the hacker to ensure they do not disrupt their service. Those that do not pay for their information will often have their stolen private health information (PHI) sold off.
Strengthen Your Cybersecurity Measures
To strengthen your cybersecurity you must deploy prevention and detection tools; consult with threat intelligence experts, train staff on cybersecurity, and conduct risk assessments. The increase in HIPAA enforcement and ransomware attacks makes it unaffordable to not be secure.
For the past 20 years Crossroads has assisted healthcare organizations to develop their cybersecurity. To receive further information about how we can assist your organization, contact us using the form below.