ICIT: Ransomware will 'wreak havoc' in 2016; healthcare already 'relentlessly' targeted

Ransomware in 2016 will "wreak havoc on America's critical infrastructure community," and the healthcare industry is already seeing an influx of such attacks, according to a recent Institute for Critical Infrastructure Technology report on the threat.

In addition to an increase of new ransomware attacks, older vulnerabilities that were exploited last year will allow malicious actors to "capitalize upon positions that they have previously laid claim," the authors write.

The report points to the healthcare industry, which has previously been off-limits, as one that now is "brutally" and "relentlessly" targeted. The authors say healthcare organizations may have escaped these attacks previously because shutting down systems could endanger the lives of patients, but that mentality is changing.

A few ways for hospitals and other organizations to protect themselves, according to the report, include implementing a comprehensive cybersecurity program, which should include improved training and awareness of threats, having a dedicated information security team, and having a layered defense that will be able to detect and slow intrusions as they occur.

In addition, the report's authors say that if your organization is the victim of a ransomware attack, there are only a few options:

  • Engage the information security team, which should have a response plan in place on what the next steps will be
  • If there is no security team, try to use a system backup to recover the data
  • If data cannot be recovered and the ransom cannot be paid, the organization may have to completely replace devices or systems
  • Pay the ransom

Recent ransomware attacks in healthcare include one at Hollywood Presbyterian Medical Center, which had to pay hackers roughly $17,000 (40 bitcoins), and another at Mount Pleasant, Texas-based Titus Regional Medical Center, in which the provider's electronic health record system was left inaccessible.

The ICIT report says such attacks are done through Locky ransomware, which leaves healthcare data alone but locks users out of computers needed for lab work, CT scans, medical record access and more.

The Los Angeles County Department of Health Services and Ottawa Hospital in Canada also are recent victims of ransomware attacks.

To learn more:
- read the report (.pdf)