Concerns About Ransomware Rise as Attack Rates Climb

A series of recent surveys point to challenging times ahead for healthcare providers who have neglected to take the proper steps to prevent a cybersecurity attack.

A survey of hospitals conducted by HIMSS Analytics and Healthcare IT News found that more than half of respondents would ignore the advice of cybersecurity experts and refuse to pay the ransom in a ransomware attack. According to the results of that survey, 50.8 percent of hospital administrators said they would not pay ransom, and 44.3 percent were unsure about the actions they would take. And yet, results from the same survey show that a majority of those surveyed have fallen victim to a ransomware attack, with only 18 percent reporting there were no ransomware attacks in their facilities.

These statistics are alarming in light of multiple surveys and reports finding that the rates of ransomware attacks are skyrocketing, and are likely to continue.

A Growing Threat

A study released by the cybersecurity firm HITRUST found that half of the 30 mid-sized hospitals that HITRUST surveyed had contended with a ransomware attack and the trend is likely to continue due to the profitability for cyber criminals.

In a Reuters interview about their report, which hasn’t been released publicly, HITRUST investigators explained that ransom attacks are efficient forms of extortion because hackers get paid immediately. It takes a lot more effort and planning, on a criminal’s part, to install malware that steals electronic health records that can be turned around and sold on the black market. That method, according to report authors, requires attackers to go undetected on an organization’s server for a much longer period of time.

With several prominent attacks in recent months at health systems such as those owned by MedStar, Kings’ Daughters’ Health (based in Indiana), and Hollywood Presbyterian, security consultants have been overwhelmed by calls from concerned hospitals.

Eldon Sprickerhoff, founder of the Canadian consulting firm eSentire, told Modern Healthcare that he’s worried that the supply of cybersecurity tools and resources won’t be able to keep up with the demand for protection.

“This is a new animal. The situation has changed so dramatically in the last six weeks. I’m hopeful, but not optimistic they can do it,” he told the publication.

Fortunately, there have been some “home-grown” tools to fight ransomware. The BBC reported that an unidentified programmer released a “key generator” for the widely used Petya ransomware program. The tool, which was posted to a code-sharing website, is said to exploit shortfalls in ransomware programs, and can generate decryption keys in Petya-infected machines in seven seconds.

Mary Butler is the associate editor at The Journal of AHIMA.

1 Comment

  1. I can understand why most people say they wouldn’t want to pay the ransom. I mean, when you do that, “they” win. The problem is it’s not like you’re just dealing with your personal data on your own PC or something. You’re dealing with healthcare data of immense importance. It sucks, but paying the ransom is just what you have to do. Let’s just be glad that paying the ransom actually allows you to access your data at all! What a nightmare it’d be if you paid the ransom and then they left your data encrypted anyway.

    Post a Reply

Submit a Comment

Your email address will not be published. Required fields are marked *