Ransomware Finds A Home In Healthcare


PwC named cybersecurity one of the top 10 issues facing the healthcare industry in 2016. These warnings stemmed from a series of high-profile hacks in 2015 that led to hundreds of millions of patient records becoming exposed to cybercriminals. By the end of 2015, healthcare had the dubious distinction of being named the leading non-government source of data breaches, accounting for 22 percent of all data breaches during the year. According to a 10Fold Communications report, the top seven cyberattacks of 2015 alone resulted in the exposure of 193 million patient records.

While the year was a bad one for data security, 2015 headlines on the topic focused on the rise of hackers stealing patient information from massive databases, such as the January 2015 theft of 78 million patient records from insurer Anthem. Those kinds of attacks are expected to continue, but a new form of cyberattack – ransomware – is also making its presence known in healthcare.

Ransomware, by definition, is a form of cyberattack in which the hackers breach a system and then block access to resources on that network, typically by encrypting databases on the network with a secret encryption key. These hackers then demand a ransom in order to restore access to the files. Healthcare is particularly vulnerable to this form of attack because critical information, like EHRs, is stored on networks that are not generally as secure as they should be. A 2015 KPMG study found that only 53 percent of provider organizations feel that they are ready to defend against a cyberattack, while four-fifths of healthcare executives say that their systems have already been compromised by cyberattacks.

On a Friday evening in January, administrators at Titus Regional Medical Center (TX) noticed that access to the hospital’s EHR system had been compromised. Hospital Public Information Officer Shannon Norfleet describes the situation: “It’s just like in the 1970s, before electronic medical records. Everything is on paper and people are serving as runners. There’s no automation.” While patient care continued on paper, administrators worked with local police and the FBI as criminals demanded an undisclosed sum to decrypt the hospital’s files and restore access to their system. More than a week later, access was finally restored to end users at Titus. The hospital reports that it did not pay a ransom, and instead worked with network administrators and the FBI to overcome the ransomware code that had infected the network.

Just two weeks later in California, hospital administrators at Hollywood Presbyterian Medical Center are facing a similar situation. Their network was also compromised by hackers, also on a Friday, and also impacting EHR access. In this case, hackers demanded 9,000 bitcoin, or just over $3 million, to restore access to the system. While Hollywood has thus far declined to pay the ransom, a computer forensics expert familiar with ransomware cases acknowledged that it is typically cheaper to pay the ransom than to attempt to fix the problems internally.
