Why Providers Must Prepare for a Ransomware Attack

May 03, 2021 - As COVID-19 hit, so too did ransomware. In the United States, an attack hit at least 26 healthcare providers between January and May. Most notable was a malware attack on the University of California-San Francisco School of Medicine that cost a $1.14-million ransom.

Additionally, a Czech Republic hospital responsible for most of the country's COVID-19 testing was held to ransom and had to shut down its IT network. As the pandemic was first making waves in March, hackers shut down computers at the Champaign-Urbana Public Health District in Illinois and collected a $300,000 ransom. That led to a cybersecurity advisory jointly released in October by the FBI, CISA, and HHS detailing an increased threat of Ryuk ransomware targeted at healthcare organizations. 

That advisory has followed real-world cases of ransomware hitting healthcare systems. 

The AP reported last October that at least five hospitals in one week were affected, including three in St. Lawrence County, New York.

Beyond the risk of stolen patient data, ransomware and other cyberattacks on hospitals also dramatically reduce the quality of patient care. Last September, an attack hit Universal Health Services, which has more than 250 hospitals and facilities across the country, causing longer ER wait times and forcing all records to be transferred to paper. As a result, employees and patients suffered confusion and mass anxiety.

It’s not only major hospitals. In fact, 70 percent of ransomware attacks targeted facilities with fewer than 500 employees. That’s compounded by the fact that 80 percent of such practices don’t employ an onsite security official. Last year, a private practice in Michigan shut down after a ransomware attack, its first known closure. 

Ransomware attacks don’t just paralyze computer systems. They paralyze patient care. In 2018, a ransomware attack on an Ohio hospital forced emergency room patients to be diverted to another facility. Also that year, an attack on a Missouri hospital forced it to divert trauma and stroke patients and to shut down its electronic health records system. In general, 36 percent of institutions attacked were unable to provide patient care for at least five hours

More alarmingly, one study found that data breaches not only reduce the quality of care, but actually increase the 30-day mortality rate — not just in the immediate aftershocks, but up to two years later.

Ransomware is becoming so commonplace that an episode of The Good Doctor, a medical drama, was devoted to a ransomware attack. After an automated dispensing system in the operating room wouldn’t open, it was revealed that the entire network was down. The issues compounded. Chemotherapy appointments had to be rejiggered. Non-essential surgeries were postponed. It was up to the IT director, who’s also one of the main characters, to find a solution in 24 hours or the hospital would have to pay $2 million. (Since it’s Hollywood, a solution was found right in time and no money was transferred. A big network show devoting an episode to the problem shows it’s going mainstream.)

Hackers will keep coming after patients’ highly valuable personal data. The best way to prevent them from getting to it is to have a solution in place that stops email-based attacks before they happen. It’s also critical to have a complete DLP solution, with healthcare-specific tools to detect leaks of PCI, HIPAA, FERPA, PII and other sensitive information.

It’s a tough challenge. But with the right tools, taming ransomware can be done.

_______________________________________

Avanan is a cloud email and collaboration security platform that pioneered and patented a new approach to prevent sophisticated attacks. By deploying inline via API, Avanan is uniquely situated to catch and stop the sophisticated attacks, across all platforms, that evade default and advanced security solutions.

Learn more about the Avanan solution