As ransomware evolves, healthcare remains a prime target

Locky ransomware continues to be a thorn in the side of the healthcare industry, according to new statistics published this week by security vendor FireEye (hat tip to

In the past month, FireEye notes, Locky has increasingly been delivered as DOCM-format email attachments; in March, the company says, a JavaScript-based downloader was being used. Hospitals infected via Locky earlier this year include Ottawa Hospital and, according to Threatpost, Los Angeles-based Hollywood Presbyterian Medical Center, which in February paid hackers a $17,000 ransom to regain access to its electronic health record system.

“These detection spikes and changes in tactics suggest that cybercriminals are investing more to infect systems and maximize their profits,” FireEye’s Ronghwa Chong writes. “Additionally, we have observed that the delivery of Dridex via this distribution channel seems to have stopped, or nearly so, which could explain why we are seeing the Locky uptick.”

A report published in March by the Institute for Critical Infrastructure Technology proclaimed that ransomware such as Locky, which it singled out, will “wreak havoc on America’s critical infrastructure community.” The following month, the Department of Homeland Security issued an alert focusing on ransomware attacks against hospitals that also mentioned Locky.

Last month, the Department of Health and Human Services published guidance on ransomware, saying that the government considers such attacks a data breach unless there’s a low probability of information being compromised.

The guidance reinforces the ways HIPAA compliance helps prevent and detect security threats, such as requiring entities to conduct risk analysis, implement procedures to safeguard against malicious software, train employees to detect malicious software and limit access to protected health information to only those who need it to perform their jobs.

To learn more:
- here’s the FireEye post
- check out the Threatpost piece