Are You Prepared For Healthcare Ransomware?
Earlier this month, a Texas hospital was hit with a particularly loathsome virus. Leaders at Mount Pleasant, Texas-based Titus Regional Medical Center found out on January 15 that a “ransomware” virus had encrypted files on several of the medical center’s database servers, blocking access to EMR data as well as the ability to enter data into the system.
In this kind of attack, the malware author demands a ransom in exchange for freeing up the data. TRMC didn’t disclose how much money the attacker(s) demanded, but it may have been an immense sum, because the hospital apparently thought that bringing in pricey security consultants and enduring several days of downtime was preferable to paying up. Then again, the hospital’s leaders probably also realized that paying a ransom is a slippery slope, and that there’s no guarantee those receiving the money will actually fix the problem permanently.
It would be nice to think that this was just a passing fad, but researchers suggest that it’s not. In fact, US victims of ransomware reported losses of more than $18 million in 14 months, according to an FBI report issued in June.
According to one news report, the average ransomware demand is about $300 per consumer. The amount demanded goes up, however, when business or government organizations are involved. For example, when a series of small police departments in Massachusetts, New Hampshire and Tennessee were hit with a ransomware attack tying up their key databases, they ended up paying between $500 and $750 to get back access to their data. One can only imagine what a savvy intruder familiar with the life-and-death demand for health information would charge to free up an EMR database or laboratory information system data store.
But the threat isn’t just to enterprise assets. Not only are ransomware attacks on hospital enterprise networks likely to increase, but these exploits could also take place via wearables or medical devices in 2016, according to technology analyst firm Forrester Research. Such attacks don’t just use medical devices to reach databases; Forrester predicts that some ransomware attacks will disable the medical devices themselves.
Given how important mobile technology has become to healthcare, it’s worth noting that ransomware is increasingly targeting mobile devices as well.