The Department of Homeland Security is taking action in the wake of myriad recent cyberattacks against hospitals, issuing a ransomware alert to provide more information about the attack type.
In 2012, security vendor Symantec found that by extorting an average ransom of $200, malicious actors profited $33,600 per day, or $394,400 per month, from a single server.
Ransomware variants including Xorist, CryptorBit and CryptoLocker have since proliferated. In early 2016, variants such as Locky and Samas have emerged.
The U.S. Computer Emergency Readiness Team US-CERT recommends actions, including:
- Employing a data backup and recovery plan for all critical information
- Keeping patching up to date
- Using application whitelisting to prevent malicious software and unapproved programs from running
- Not following unsolicited Web links in emails
The attack that paralyzed MedStar Health's computer systems last week mirrored that of ransomware known as MSIL/Samas, which the FBI issued an alert about March 25, three days before the MedStar attack began. Still, the health system has not specified the nature of its attack.
Meanwhile, Hollywood Presbyterian Medical Center in February paid roughly $17,000 (40 bitcoins) to retrieve its information from hackers after staff worked on paper for more than a week.
In addition, King's Daughters Health in Madison, Indiana, shut down all computer systems last Wednesday after a single user's files were infected with ransomware, Eagle Country Online reports. The provider says no patient data was compromised. Alvarado Hospital Medical Center in San Diego also confirmed a malicious software attack, but declined to specify which systems were affected, according to The San Diego Union-Tribune.
Prime Healthcare Services, Alvarado's parent company, last month detected malicious software infections at two of its other California hospitals, Chino Valley Medical Center and Desert Valley Hospital in Victorville.