WatchPoint Security Blog

Healthcare Organizations are Biggest Targets for Ransomware

Written by Jordan Kadlec | April 11, 2017

In 2016, several hospitals and healthcare organizations were hit with ransomware attacks. In fact, between October 2016 and February 2017, 42.77% of cyberattacks targeted healthcare organizations. With ransomware attacks predicted to quadruple by 2020, cybersecurity spending is also predicted to exceed $65 billion for the healthcare industry.


Ransomware Attacks on Hospitals

In February 2016, Hollywood Presbyterian Medical Centerbecame the first major hospital to fall victim to a ransomware attack. The attack caused the hospital to cease normal day-to-day operations, and the staff had to turn to manual documentation. Hackers took the medical center’s system hostage and demanded 9,000 in Bitcoins or $3.6 million. The hospital only ended up paying about $17,000 to recover their files but the time lost and damage to their reputation goes way beyond the money.

Methodist Hospital (Henderson, Kentucky),Kansas Heart Hospital (Wichita, Kansas), and Marin Healthcare District (Greenbrae, California) were other healthcare providers that were hit with major ransomware attacks in 2016.

Why Hospitals?

The healthcare industry is in the continuous process of digitizing all its information, leaving them susceptible to cyberattacks. Instead of putting cybersecurity at the forefront of their digital movement, it’s likely that they are moving forward with making their documents digital and then worrying about cybersecurity. Hackers are taking advantage of this outdated way of thinking and hitting hospitals with sophisticated attacks.

The most common distribution method for ransomware attacks is through spam or phishing campaigns. However, cybercriminals are becoming much more sophisticated with these attacks by targeting specific organizations. A ransomware attack on a healthcare organization can be catastrophic to their day-to-day operations. As we saw with the Hollywood Presbyterian Medical Center, a ransomware attack will cause the organization to stop seeing patients and all procedures will have to be canceled; causing the hospital to lose a significant amount of money.

By targeting healthcare providers with ransomware attacks, hackers are presented with an easier and safer way to cash out. Given the potential disruption to the organization, most will opt to simply pay the ransom demanded so they can continue with business operations. What also makes healthcare a golden target is that it not only affects everyone financially, but personally as well. Until the hospital regains control of their network, no procedure can move forward, regardless of how dire the situation is.

Other Cybersecurity Risks for Hospitals

Devices are becoming more and more connected every single day. Atif Ghauri, CTO at Harjavec Group, a global information security company, warns about the Internet of Things (IoT) risk in the 2017 Heathcare Cybersecurity Report from Cybersecurity Ventures. 

“Knowing your disease history, physical limitations, and other personal details exposes everyone to risks,” Ghauri comments. “Consider the IoT risks alone – healthcare compromises could result in fatality from a compromised WiFi heart pump or a dysfunctional smart bed in the surgery room. It’s scary stuff.”

On top of IoT risks, the value of medical records has significantly increased compared to financial records. On the black market, medical records go for $50 to $60 per chart compared to $1 for stolen financial information. Why? It takes a single phone call to cancel a credit or debit card. Having the medical records of an individual allows cybercriminals to commit insurance fraud, buy drugs or medical equipment, or steal an identity.

As of now, healthcare organizations are the largest targets of cyberattacks.  There are several reasons for this:

  1. Outdated networks and outdated cybersecurity systems.
  2. They lack experienced cybersecurity personnel.  This is not unique to healthcare organizations, but with decreasing budgets, hiring top talent becomes even more difficult.
  3. Highly valuable data. At $50-$60 per record, attackers are very motivated to steal healthcare records.
This leads to organizations being more willing to pay ransoms to get data back. Fortunately, the market is starting to realize the effect that a ransomware or other cyberattack could have on their organization. As we said previously, cybersecurity spending is projected to reach $65 billion for the healthcare industry by 2020. Hopefully this is enough to account for the projected increase in cyberattacks on the industry.