Over the past 12 months, cybercriminals have used ransomware with increasing frequency to extort money out of businesses, leading some security experts to predict that healthcare ransomware infections would become a major problem in 2016.

Would cybercriminals stoop so low and attack the providers of critical medical care? The answer is yes. This week a U.S. hospital has taken the decision to pay a ransom to obtain the security keys necessary to unlock data that had been encrypted by ransomware. The attack does not appear to have been targeted, but the ransom still needed to be paid to unlock the hospital’s electronic medical record system.

Last year, Cryptowall infections were regularly reported that required individuals to pay a ransom of around $500 to get the security key to recover files. However, when businesses accidentally install ransomware the ransom demand is usually far higher. Cybercriminals can name their price and it is usually well in excess of $500.

Healthcare Ransomware Infection Results in Hospital Paying $16,664 to Unlock EHR

While businesses have been targeted by cybercriminal gangs and have had their critical data locked by ransomware, it is rare for healthcare providers to be attacked. The latest healthcare ransomware infection does not appear to have been targeted, instead a member of staff inadvertently installed malware which locked the hospital’s enterprise-wide electronic health record system (EHR): The system that houses patient health records and critical medical files.

The EHR of Southern California’s Hollywood Presbyterian Medical Center was locked on February 5, 2016., with physicians and other members of the hospital staff unable to access the EHR to view and log patient health information. An investigation into the IT issue was immediately launched and it soon became apparent that the database had been locked by ransomware.

No one wants to have to pay cybercriminals for security keys, and the hospital took steps to try to recover without having to give in to ransom demands. The Police and FBI were contacted and started an investigation. Computer experts were also brought in to help restore the computer system but all to no avail.

The news of the healthcare ransomware attack broke late last week, with early reports suggesting the hospital had received a ransom demand of 9,000 Bitcoin, or around $3.4 million. The EHR was taken out of action for more than a week while the hospital attempted to recover and unlock its files.

Eventually, the decision had to be taken to pay the ransom. While it may have been possible for patient health data to be restored from backups, the time it would take, the resources required to do that, and the disruption it would likely cause was not deemed to be worth it. Allen Stefanek, CEO of Hollywood Presbyterian Medical Center, took the decision to pay the ransom to obtain the security key to unlock the data.

In a statement posted on the company’s website he confirmed that the reports of a ransom demand of 9,000 Bitcoin were untrue. The attackers were asking for 40 Bitcoin, or $16,664, to release the security key to unlock the hospital’s data.

Stefanek said, “The quickest and most efficient way to restore our systems and administrative functions was to pay the ransom and obtain the decryption key. In the best interest of restoring normal operations, we did this.”

Fortunately, healthcare ransomware attacks are relatively rare, as many healthcare providers in the United States already have controls in place to reduce the likelihood of an attack being successful. Staff are trained to be vigilant and not to install software on healthcare devices or open suspicious email attachments. Many use a spam filter to quarantine suspect emails. The latter being an essential protection against healthcare ransomware attacks.

The Importance of a Robust Spam Filter to Prevent Healthcare Ransomware Attacks

A healthcare ransomware attack does not just have a financial impact; it has potential to cause actual harm to patients. The delivery of healthcare services is slowed as a result of the inability to access and share healthcare data, and not being able to view patient health records could delay the delivery of critical patient care or result in incorrect medications being prescribed. That could be a life or death matter. Preventing healthcare ransomware attacks is therefore essential. A technological solution should be employed for maximum protection.

TitanHQ’s SpamTitan software has been developed to keep businesses protected from malware and ransomware attacks. SpamTitan uses two anti-malware engines to maximize the probability of spam emails and malicious attachments being caught and prevented from being delivered to end user inboxes. SpamTitan catches 99.9% of Spam email and quarantines emails with suspicious attachments to prevent them from being delivered.

If you want to reduce the risk of a suffering a ransomware attack and having to pay cybercriminals to unlock critical data, using a robust, powerful anti-spam solution such as SpamTitan is the best way to protect computers and networks from attack. Along with staff training to improve understanding of healthcare ransomware and other malware, it is possible to prevent attacks from being successful.

For further information on SpamTitan anti-spam solutions, contact the TitanHQ team today:

US Sales +1 813 304 2544

UK/EU Sales +44 203 808 5467

IRL +353 91 54 55 00

Or email sales@spamtitan.com