Since the emergence of the Hollywood Presbyterian Medical Center attack, there have been several other hospitals hit by hackers in just a few short weeks. Sadly, hospitals make relatively easy targets for cybercriminals. Hospital employees are not always aware of how to prevent cyber threats, and many hospitals lack good protocols or any kind of layered security. They’re also enticing to hackers because they’re easier to extort. Not only do most hospitals have outdated systems, they cannot allow downtime—their patients’ lives are on the line.
According to news reports, Methodist Hospital in Kentucky declared an “internal state of emergency” after a ransomware attack encrypted and locked them out of their data. Their data was held for a $1,600 ransom. Both Chino Valley Medical Center and Desert Valley Hospital in California were hit with ransomware attacks as well. Even The Ottawa Hospital in Canada had several computers attacked in March.
However, the largest and most recent attack in headlines is the MedStar Health attack. This attack has knocked out the modern technology of this 10-hospital healthcare group, forcing them to use paper and pens for all records. While they’re still able to handle patient care for people already in treatment, these pre-computer methods are bringing the hospital to pre-computer speeds. (That’s about the speed of molasses, by the way.)
Not only is the hospital running slower, the attack has also eliminated a number of safeguard measures built into the electronic systems, which help prevent human error. In addition, it was reported that some MedStar Health locations were turning potential patients away, due to inadequate resources.
The hackers who attacked MedStar Health demanded $1,250 to unlock a single infected computer, or $18,500 to unlock all of them. To make things worse, the Associated Press recently reported that the hackers gained entry by exploiting a vulnerability that’s been known about for nearly a decade. This whole mess could have been avoided if the hospital had routinely patched their servers! This is something that a managed services company like SWK Technologies would have taken care of for them.
While some of these ransom numbers may not seem like they would break the bank for a large organization, who wants to pay to unlock their own files and deal with the stress of it all, let alone the lost business and negative press? If yours is a smaller organization, such as a private practice, you’re likely to have limited staff, resources, and clients. A ransomware attack could completely shut you down.
Unfortunately, today’s cybercrime situation does not look like it will be going away any time soon. The increasing popularity of ransoming larger organizations shows that hackers are testing the waters to see how much ransom will actually be paid—and their asking prices have been growing. Mounting evidence suggests that we will see ransom numbers continue to rise, along with frequency of attacks.
A big part of why we may be seeing more cyber attacks for ransom instead of physical robberies is that there’s a lot less risk involved for the criminal. The unfortunate reality of these types of attacks is that it is tough for law enforcement to track down or even punish cybercriminals. Even if they get caught, there may not be jurisdiction to prosecute. After all, anyone from anywhere in the world can hack someone with an Internet connection.
Worried about your own security? Contact us to see if you qualify for a free security risk assessment and we can show you how to better protect yourself from threats like this.