While the ransomware attacks that recently crippled Washington, D.C.-based MedStar Health system and the Hollywood Presbyterian Medical Center in Los Angeles captured nationwide headlines, those hacker incursions were far from unusual.
On average, healthcare organizations are sustaining one cyberattack per month and nearly half of them suffered lost or exposed patient health information over the last 12 months, according to a February 2016 survey by the Ponemon Institute sponsored by cybersecurity firm ESET North America.
“Healthcare organizations are in the crosshairs of cyber attackers,” according to the Ponemon report, The State of Cybersecurity in Healthcare Organizations in 2016. “Many patients are at risk for medical identity theft.”
Two days after the March 28 MedStar attack, the Department of Homeland Security’s United States Computer Emergency Readiness Team (US-CERT) released an alert for ransomware and similar cyberattacks on healthcare facilities.
US-CERT recommended these preventive measures:
- Create a data backup and recovery plan and do regular backup tests
- Employ application whitelisting to help prevent malware and all unapproved programs from running
- Keep operating systems and software up to date with the latest patches.
- Use modern antivirus software and scan all software downloaded from the Internet
- Restrict user permissions to install and run unapproved software applications
- Avoid enabling macros email attachments and try to block emails with attachments from suspicious sources
- Instruct employees not to click on links in unsolicited emails
Indeed, clicking on infected email links is the main way healthcare data networks get locked down or crippled by ransomware attackers, who often demand payment in crypto-currency.
Cameron Camp, an ESET security researcher, said many healthcare organizations have had success in training employees to avoid such emails, sometimes by using negative incentives like requiring employees taken in by a test malware email to contribute $50 to a company holiday fund.
Sometimes, though, ransomware can also be unleashed by infected websites, Camp said.
Successful cyberattacks tend to inspire copycat attacks and “right now the ransomware tool set is working really well and running up the cash flow,” Camp told SearchHealthIT.
As many other cybersecurity experts have noted, Camp said healthcare IT systems tend to be behind those in other major industries in terms of cybersecurity readiness.
“I think they’re just starting to wake up,” he said, referring to healthcare organizations.
Camp said technologies such as artificial intelligence-enabled penetration monitoring and intrusion detection systems are critical, and can be effective when deployed against attackers who are often unsophisticated and using off-the-shelf hacker “toolkits.”
“They can pick up an attack and jail it in progress,” he said. “Scammers are essentially lazy. Right now they’re running amok in healthcare because it’s low-hanging fruit.”
The next major area cyberattackers could target is mobile because of the profusion of mobile devices in healthcare and other industries, Camp warned.