How hospitals can recover from — and prevent — ransomware attacks

September 19, 2016
by Lee Nelson, Contributing Reporter

Stealthy cyber criminals are hacking into more and more websites and deploying malicious software that blocks access to a computer system until someone pays a specified sum of money, and health care providers have proven to be a prime target.

According to Ron Temske, vice president of security solutions, Logicalis US, an international IT solutions provider, ransomware has become one of the most sophisticated criminal enterprises the world has ever seen.

In a recent webinar, Temske and Jason Malacko, IT security expert, Logicalis US, offered tips on how to prevent one's business from becoming a casualty of the ransomware epidemic.

Why is ransomware growing?

“Basically, it’s profitable,” said Temske. “It’s a $1 billion enterprise. That would be something that would be heralded as an accomplishment if it weren’t based on such nefarious principles.”

A recent industry study found that nearly half of all U.S. businesses were the victims of at least one ransomware attack in just the past year. Plus, according to the U.S. Department of Health and Human Services Office for Civil Rights, over 230 health care breaches, each affecting 500 individuals or more, resulted in a combined loss of over 112 million records.

The top 10 breaches alone accounted for just over 111 million records, and the top six breaches affected at least 1 million individuals.

“It can be used by anyone,” said Temske. “You don’t even have to be a security practitioner to deliver ransomware.”

One example of a health care facility being held hostage came in February, when officials at the Hollywood Presbyterian Medical Center in Los Angeles paid hackers $17,000, or 40 Bitcoins. The CEO was quoted by many news agencies as saying they paid the ransom because it was in their best interest and was the most efficient way to end the problem.

Whether or not business leaders decide to pay the kidnappers who have taken over their data, Logicalis experts said that companies need to be ready for an attack well before it happens, so that they can detect it and then stop it while it’s happening. Some companies are also able to recover from an attack after it happens to them.

How can a facility prevent ransomware or recover from it?

First of all, businesses need to understand how they actually receive ransomware, Malacko said.

“It most frequently will be coming from the web or an email. It might be an email that has attached documents. It might come in an archive or link. It could even be a hacked website called a watering hole that redirects you to the payload of the ransomware,” he said.

Some companies can decrypt it themselves. Once you are a hostage, the key is to move off to where the kidnappers aren’t.

“It really is about having a layered defense, a true architectural, integrative approach, and working together with those in your company,” Temske said.

By taking a holistic approach to security, company IT staff and leaders will know that things are in place in case the company is attacked. The time to plan isn’t when you are under attack. You want to have documented procedures in place before anything happens.

Five steps to ward off an attack and recover from one: