Ransomware in the Healthcare Sector: An Introduction

Jeannine LeCompte, Compliance Research Specialist

Healthcare organizations accounted for 34 percent of all ransomware attacks in 2018—dwarfing financial institutions, which accounted for 12 percent, according to the “Beazley 2019 Breach Briefing.” These statistics demonstrate just how widespread the problem has become.

Electronic, rather than paper, record-keeping has become the standard for diagnosis, treatment, and patient management, making it easier for criminals to attempt to steal data or, in the case of ransomware, to blackmail institutions by threatening to plunge them into chaos.

To prevent and respond to ransomware attacks, it is essential to understand what ransomware is and how it works. Simply put, ransomware is a malicious program that, once introduced into an IT system, locks the system down until a ransom is paid, typically in Bitcoin or another payment method that is difficult to trace.

The ransomware can be introduced in any number of ways:

  • by clicking on a link or attachment in a “phishing” email
  • embedded in a downloaded program
  • physically introduced via a flash drive plugged into a networked computer

Once inside, the ransomware shuts down critical parts of the institution’s systems. All records and data become inaccessible to users, and in their place a message typically appears with instructions on how to pay a ransom to have the system unlocked.

The emergence of Bitcoin—an anonymous alternative international currency—has enabled the use of ransomware, because ransoms can now be demanded, and paid, without the recipient leaving a trail for law enforcement.

Even more disturbingly—depending on the nature of the malicious software—once the attackers control an institution’s system, they may be able to download all of its online data and patient records. Ransomware attackers rely on the fact that healthcare facilities are critically dependent on access to their records, and that the facility’s own technical staff cannot recover the locked files on their own.

The potential legal HIPAA exposure of healthcare facilities, should they lose confidential patient records, makes them more likely to agree to ransom demands rather than have their data placed on the internet for the world to see.

Ransomware is not something to be taken lightly or dismissed as just another vague internet-based threat which only happens to others—it is a serious issue and can cause catastrophic results for healthcare facilities.